Friday Squid Blogging: Squid Dissection

A six-hour video of a giant squid dissection from Auckland University of Technology.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on July 18, 2014 at 4:35 PM • 226 Comments

Comments

Ed HurstJuly 18, 2014 8:05 PM

@ Wesley Parish: Might be a good idea if it was made to pick up Linux viruses, but the threat in question is currently limited to PHP servers. I am told by real sysadmins the main problem is poorly configured servers.

StarChildJuly 18, 2014 8:44 PM

@Buck

"I think, maybe; 'the truth' has always been spin..."

People are definitely ridden with an enormous range of bias and incomplete information, often well hidden from even their most well worked inspections.

But can there be such differences as biased reasoning or broken reasoning versus solid reasoning? Or between honesty and bullshit?

Or if "absolute truth" is in question, is "relative" or "varying truth" also in question?

Is there not such a thing as "truth to the best of your knowledge"?

AlanSJuly 18, 2014 9:24 PM

From today's WaPo: Meet Executive Order 12333: The Reagan rule that lets the NSA spy on Americans

"From 2011 until April of this year, I worked on global Internet freedom policy as a civil servant at the State Department. In that capacity, I was cleared to receive top-secret and “sensitive compartmented” information. Based in part on classified facts that I am prohibited by law from publishing, I believe that Americans should be even more concerned about the collection and storage of their communications under Executive Order 12333 than under Section 215."

.July 18, 2014 9:24 PM

So a couple of months have passed now, any thoughts on an alternative to TrueCrypt?

AndrewJJuly 18, 2014 9:49 PM

Longform Snowden interview with Guardian editor in chief Alan Rusbridger and Ewen MacAskill - http://www.theguardian.com/world/2014/jul/18/-sp-edward-snowden-nsa-whistleblower-interview-transcript

Wired write-up on the Jesus Marina's hacking of Hotel room automation systems -
http://www.wired.com/2014/07/hacking-hotel-room-controls/ - Full talk to come at Blackhat.

And the Washington Post article on 12333 in Alan S's comment is very good reading, in particular:

The draft stated that “if U.S. citizens disagree with congressional and executive branch determinations about the proper scope of signals intelligence activities, they have the opportunity to change the policy through our democratic process.”

But the White House counsel’s office told me that no, that wasn’t true. I was instructed to amend the line, making a general reference to “our laws and policies,” rather than our intelligence practices. I did.

Jonathan WilsonJuly 18, 2014 10:16 PM

Regarding the changes to Australian security laws I have no doubt the recent revelation that an Australian went to the middle east and blew himself up will be used as justification for this (i.e. "we need this to stop people like that")

As for TrueCrypt, the best option seems to be "keep using the version before the one that gutted it" (downloaded from a trustworthy source) or a trustworthy fork from that version's code if one exists and await the outcome of the security audit that will identify any backdoors in it.

ismarJuly 18, 2014 10:31 PM

Another one from me this Friday (Saturday)

Regarding SpiderOak Online File Storage

They claim in their features page

https://spideroak.com/engineering_matters

that they can store versions of files efficiently by only saving differences of encrypted files.

I'm not an expert on cryptography and would like somebody to comment on how is this possible given that files are stored as encrypted on their servers?

StarChildJuly 18, 2014 10:44 PM

drive and file encryption:

This is a pretty booming business area. Problem is: are you going to trust any non-opensource* solution (as the vast majority of these are). IMNSHO, some of the best solutions are real time encryption external devices. Iron Key is one vendor, but there are many vendors that offer these solutions. *Not to be political, but as backdoors can merely be intentional vulnerabilities that can be designed to be extremely difficult to find, evade source code auditing tools, and appear as a legitimate, unintentional vulnerability one has to be careful for considering perfect security.

Going even further, I notice articles here and there about how XYZ agency could not break X or Z encryption. How frustrating. Possibly a lie to encourage use of that very tool.

'Best security is to never write anything down'.

Nick PJuly 19, 2014 12:12 AM

@ StarChild

Your proposal of things like IronKey suffer from the same problem as proprietary software. The difference is almost nobody has the skills to audit their hardware. Open software file or disk encryption is still the most auditable option.

@ ismar

I'm pretty sure I've seen cryptographic protocols for that in the past. The easiest route, though, is for the client to do a diff on the file, encrypt it with a new key, and send the encrypted diff to the storage provider to be stored with the main file. That the user is modifying the file means the client already pulled it to their device. That's most the work right there. I'll add that a stream cipher probably fits this use case best.

However, any tech as sophisticated as SpiderOak's total offering needs plenty vetting. These kinds of things are when open source, even if still commercial, is a good idea. People have screwed up so many simpler cryptosystems... mistakes that were only found after many years of people looking at the protocol and/or code. And the closed part is the client that most of the security depends on. As StarChild said, you've gotta trust them and BULLRUN makes me uneasy about doing that.

FigureitoutJuly 19, 2014 1:03 AM

/* Sorry in advance for the extremely long post, I'll go quiet for some time afterwards. Hope to generate some stimulating conversation. */

/* Shout-out to Aspie, I'm working on an email soon where we can exchange some more info so as to establish a better connection (and cut down posting email addresses). Want to see how you're doing. */

/********** Part 1 **********/

Analysis of Latest Snowden Interview (I, spy: Edward Snowden in exile)

http://www.theguardian.com/world/2014/jul/18/-sp-edward-snowden-interview-rusbridger-macaskill

--Snowden did another interview w/ a couple Guardian reporters. Interesting read, I haven't really read an article on Snowden for at least 6 months, just read the dramatic headlines that Bruce is a big fan of (haha). Basically they are trying to gauge how he's been able to deal w/ the isolation of being a whistleblower. Still outplaying slow-moving agencies, showing how a single individual can evade the supposedly all-seeing intel agencies, he responds to several criticisms and makes some statements that I believe need to be reflected on and analyzed. Keep in mind that an admitted NSA/CIA agent should not be fully trusted ever, they're legally allowed to live a complete fabricated lie.

Michael Hayden, former NSA/CIA chief made what turned out to be a false prediction and statements, that Snowden would be "isolated, bored, lonely, depressed, and alcoholic". Snowden's response: "I actually don't drink". In terms of being "isolated and depressed", Snowden's having a movie made after him, recently was awarded a medal from EPIC, and continues practicing even more necessary OPSEC to remain alive (which he already had training on). Being hidden away on a computer isn't torture to those of us that enjoy working on computers all day...Anyway, onto mini-analysis of certain statements.

"I mean, I don't eat a whole lot. I keep a weird schedule. I used to be very active, but just in the recent period I've had too much work to focus on."
--Those of us that have tried out real OPSEC for various purposes, know that you have to plan every movement and always have a back-up plan or way out in most any moment; hurrying thru risky areas where you're stuck.

RE: taking down Bolivian president's plane
"It was just shockingly poorly thought out, and yet they did it anyway, and they keep at these sort of mistakes....I almost felt like I had some sort of friend in government."
--This would be a radical twist if in fact there were further insiders that deliberately sabotoged efforts to capture Snowden. This threat doesn't just go away, leading to further restrictions and surveillance on even the most loyal followers; not lending well to recruitment prospects. As has been discussed here, you aren't allowed to even put your experience on your resume, so even if you're an outside contractor and you do something you're proud of, you have to censor yourself else be sent off to jail and have your life ruined.

“That’s probably too political. I hate politics. Really, I mean, this is not me, you know. I hope you guys can tell the difference.”
--Can relate here...the politics just in America have gotten so absurd it's in your interest to not even waste your time participating until the system collapses from mismanagement or it just becomes completely irrelevant. If you have any self-respect, you just stay away from it. Please be my guest and go find out for yourself if you don't believe me...

RE: speculation he's a double agent
“If the government had the tiniest shred of evidence, not even that [I was an agent], but associating with the Russian government, it would be on the front page of the New York Times by lunchtime.”
--Still waiting on that evidence that firstly he's a double agent, and also that there was physical harm to current agents in the field. Oh we can't be told anything b/c that's a compromise, sounds like a sh*tty excuse to operate w/ no accountabilty.

“And when we’re talking about things like terrorist cells, nuclear proliferators – these are organised cells. These are things an individual cannot do on their own. So if they abstain from communicating, we’ve already won. If we’ve basically talked the terrorists out of using our modern communications networks, we have benefited in terms of security – we haven’t lost.”
--Basically downplaying the "lone-wolf" threat, in that yes you always have your psychos that just go shoot up a bunch of completely random and innocent people. That's a symptom of a failure of society, not terrorism. People not taking care of each other when they can, that's essentially what that is.

“It may be that by watching everywhere we go, by watching everything we do, by analysing every word we say, by waiting and passing judgment over every association we make and every person we love, that we could uncover a terrorist plot, or we could discover more criminals. But is that the kind of society we want to live in? That is the definition of a security state.”
--No generation ever had to live like this before. People were allowed to make mistakes in the past, learn from them, move on, and grow into an overall good person eventually. Now, children are expected to be perfect out the womb and aren't allowed to explore much anymore, leading to massive declines in creativity/innovation. My prediction is it's too radical a change and that we won't adapt and there will further mental illness and other unnecessary harm happening.

“Many of the people searching through the haystacks were young, enlisted guys, 18 to 22 years old. They’ve suddenly been thrust into a position of extraordinary responsibility, where they now have access to all your private records. In the course of their daily work, they stumble across something that is completely unrelated in any sort of necessary sense – for example, an intimate nude photo of someone in a sexually compromising situation. But they’re extremely attractive. So what do they do? They turn around in their chair and they show a co-worker. And their co-worker says, ‘Oh, hey, that’s great. Send that to Bill down the way’, and then Bill sends it to George, George sends it to Tom, and sooner or later this person’s whole life has been seen by all of these other people.”
--See this all the time w/ younger people who don't have any remorse for certain actions. No respect for intimacy or putting themselves in that situation, just a lack of maturity and wisdom. Back when I was younger, I would beat up or at least confront these kinds of people to put them in their place if they were unacceptably inconsiderate. Now I just have to either let it go or get a little more creative in teaching them a lesson...Other graybeards on here (at least 1 I'm certain of) do this a lot...

RE: quality of audits
“A 29-year-old walked in and out of the NSA with all of their private records,” he shoots back. “What does that say about their auditing? They didn’t even know.”
--Basically speaks for itself. This shatters my confidence in these people protecting critical infrastructure of the country, where foreign agents could either kill us or cost us a lot of money if they were successfully attacked. Complete failures need overhauls.

“To an analyst, nine times out of 10, you don’t care what was said on the phone call till very late in the investigative chain. What you care about is the metadata, because metadata does not lie. People lie on phone calls when they’re involved in real criminal activity. They use code words, they talk around it. You can’t trust what you’re hearing, but you can trust the metadata. That’s the reason metadata’s often more intrusive.”
--Exactly. As I've mentioned before in my past (shameful) life, even making the initial contact and exchanging a secret that must remain secret, is becoming more and more impossible.

RE: digital communications services
“They just put Condoleezza Rice on their board, who is probably the most anti-privacy official you can imagine. She’s one of the ones who oversaw [the warrantless wire-tapping program] Stellar Wind and thought it was a great idea. So they’re very hostile to privacy.”
--He's talking about Dropbox. He recommends SpiderOak. But he also used to use Lavabit and they're shutdown...

“What people often overlook is the fact that, when you build a back door into a communication system, that back door can be discovered by anyone around the world. That can be a private individual or a security researcher at a university, but it can also be a criminal group or a foreign intelligence agency – say, the NSA’s equivalent in a deeply irresponsible government. And now that foreign country can scrutinise not just your bank records, but your private communications all around the internet.”
--Bruce has pounded this point so many times, he may have even influenced Snowden's opinion. Balancing backdoors is a failing strategy and you essentially backdoor yourself...just idiots who need to removed from making these decisions.

“The work of journalism has become immeasurably harder. Journalists have to be particularly conscious about any sort of network signalling; any sort of connection; any sort of licence plate-reading device that they pass on their way to a meeting point; any place they use their credit card; any place they take their phone; any email contact they have with the source. Because that very first contact, before encrypted communications are established, is enough to give it all away.”
--This is I think one of the most important points. That everyone will feel the pain as computers and networks become more and more connected w/o your consent. The initial contact is critical, and the amount of OPSEC needed is basically impossible now to successfully exchange a secret needed for that 1st authentication on untrustworthy networks.

“You have a tremendous population of young military enlisted individuals [in the NSA] who may not have had the number of life experiences, to have felt the sense of being violated. And if we haven’t been exposed to the dangers of having our liberties violated, how can we expect these individuals to reasonably represent our interests?”
--Basically ties into above quote about analysts sharing nude photos and laughing about people's sex life. I'm sure they would enjoy the same treatment and being watched having intimate relations w/ their partners. I personally prefer to express those feelings in private, since it's such an intimate connection. Feeling watched makes the experience much worse that I lose most to all interest.

So that was the main quotes, I hope he's being sincere. Not I nor most anyone here knows exactly how he feels now. I don't think I would make it long mentally as I know how easy it is to get into places...Making public appearances now becomes almost a protection, as it would make it more likely to spot a potential assassin.


/********** Part 2 **********/

Software-Defined Radio (SDR) and How it Relates to Security

For older engineers, this isn't really that much of a big deal as they were conscious during the beginnings of SDR and how more processing could be done w/ code in powerful chips (instead of visible transistors and small filters) and large swaths of analog signals mass-converted to digital ones.

I don't get how only hams could be the ones getting so excited w/ this technology (there's downsides as w/ all tech.), I would rank it near some of the most exciting today due to all its potential uses. Humanity's control of EM signals took a great leap w/ this technology.

You can read up some on it if you're intrigued, as usual there's more info than you can likely handle:

https://en.wikipedia.org/wiki/Software-defined_radio

http://www.ab9il.net/software-defined-radio/sdr1.html

To make it more relevant though to most people here, what do you think we can do w/ all that digitized data..? Save it, see it, and...Encrypt it! In the ham world, as most know, it's illegal for encrypted signals that others can decode (ie the way to decode needs to be public info); but there would be minimal problems if you decided to have a go yourself at encrypting and transmitting this data small distances and low power, likely no one will notice nor care.

But I'll just get to what prompted me to make this post, is this site (there's another one too: http://websdr.org/ ).

http://websdr.ewi.utwente.nl:8901/

Besides the board being very pretty, this is the data being digitized and them hosted on the internet! No need to log in, you can tune from 0-28kHz. You can test it yourself and it works! Like 1 second lag from transmit to on the site.

But here's the main connection I was making to security and communications. If you've somewhat anonymized your connection, you can log in and transmit via some obscure frequency and read the data off the internet. You can do some simple tricks like inverting the "mark and space" in the classic RTTY mode which other hams won't read (they could though, just an example). This is a PoC though, an excellent one at that. It's a homebrew SDR, proprietary ones are extremely powerful (and still expensive...).

StarChildJuly 19, 2014 2:54 AM

@Figureitout

I read the whole interview, and felt he was sincere. Being 29, he really would have to be something nearly not human to have managed such deeply thought out responses and not have been sincere.

What sticks out to me on his responses is how intel agencies might obtain partnerships with corporations who might just give them all the data, and how this can bypass all rules and regulations. They do it for advertisers, why not for governments.

But maybe I am biased there.

I do not believe those companies refutations, I can't shake the idea that the ones who have given them access may see such refutations as simply diabolically clever lies.

It reminds me of how I imagine Hoover when he shook out homosexuals in government, while all along being such an obvious homosexual himself. I could see the man just in glee with how smart he thought he was.


Otherwise, I did not take much away which I felt was new or unknown.

Sancho_PJuly 19, 2014 4:06 AM

RE: Is Snowden trustworthy? (e.g Figureitout)

No need to go into any detail, just open your mind and listen to this bright young man for *one single minute*.
It's a shame what our society does to a talented human being, I mean a real one, having a heart, not an android / sockpuppet.

I'd happily invite Ed to my small kingdom, hand him all keys and get him a job.
Shame on us cowards.

another oneJuly 19, 2014 8:49 AM

I've not seen any speculation about Amazon especially but also dating sites as funnels of valuable info to NSA.

another oneJuly 19, 2014 9:01 AM

"Today, even the CIA finds itself compelled to outsource some of its data collection by availing itself of Amazon's powerful cloud servers, in a deal estimated at $600 million." ---The Nation

Nick PJuly 19, 2014 11:21 AM

@ Figureitout

Most points I agree on. So, I'll focus on the others.

re double agent

If they had evidence, it might not be enough to be newsworthy or believable given their low trust rating. They might also not have evidence due to incompetence. So, this argument isn't a defense. Of course, we have to assume he's not a double by default until proven otherwise so he's looking good here.

re backdoor

He's wrong on this. VPN's, port knocking, and basic authentication are backdoors. *Implemented well*, they tend to work fine at allowing only the permitted people in without others gaining access. NSA's RNG corruption was exemplarly in this as well. Besides, major TLA's haven't had a problem compromising most non-backdoored systems with 0-days so we've continuously assumed they'd break most COTS systems anyway. A well-protected and audited backdoor would just be a risk to most of them on a typical system, while a significant obstacle on a more secure system.

A side issue of this is BULLRUN. The NSA couldn't get more overt access that their mission requires. People said no to backdoors. So, what did they do? They came up with covert programs like BULLRUN to insert (a) backdoors and (b) software vulnerabilities in COTS software. They've apparently had a lot of success with this. Unlike an vetted L.E. mechanism, the covert backdoors range from unknown quality to easy to hack. The latter comes from the fact that they often maintain deniability by inserting the very types of common vulnerabilities our enemies find with ease. So, if anything, our security in proprietary U.S. products is better off if they have a high assurance access method than them lying that they don't backdoor and secretly putting in whatever garbage TAO comes up with. Life's ironies, eh?

Note: People are still free to use non-proprietary software in this case and deal with the legal risk themselves. Or wrap proprietary communications in assured, OSS VPN's. Or crypto-seal communications before transporting or storing them via proprietary software. Many compromises can be made without significantly reducing security for people who care about it.

re SDR

Yes, it has a ton of potential for both indie communications projects and security with careful transmissions. It's exciting stuff. That the military themselves are treating it like it's the wave of the future should clue people in. There's already quite a few security analysis, too.

Slime Mold with MustardJuly 19, 2014 12:32 PM

@Figureitout

Perhaps you'll recall this case from a few years ago:
http://www.dailymail.co.uk/news/article-1290475/Anna-Chapman-11-Russian-spies-accused-Cold-War-style-plot-US.html

Other articles referred to a "private Wi-Fi network". I am quite certain that this was SDR. And the Feds were listening. The technique actually long predates SDR, and counter-intelligence agencies equipped many of their vehicles with multiple scanners for exactly this reason. (see also: Frequency Hopping)

(Sorry about linking to a tabloid - it's what came up first and I'm busy)

StarChildJuly 19, 2014 1:11 PM

If you are putting data on a website which the website can decrypt or otherwise see, you should consider that data toast.

I do not think they tend to create these levels of access "because of potential warrants", but they tend to already have them for a wide variety of reasons including very mundane technical support reasons.

They certainly will have access to their own certificates and have sensors deployed analyzing all that data between you and their website.

I strongly doubt "only the US or Five Eyes" have access like that to the major websites.

If you have a name in a computer, identification matching that name, and usually a working badge -- you are in. Nobody will even look at you. They have so many consultants, contractors, sales, technicians, telecommuters, new people coming in and out.

ShunJuly 19, 2014 2:09 PM

Is SDR one-way communication only? In other words, would it allow for upload and download, or download only?

iain.moffatJuly 19, 2014 4:10 PM

@Shun:

SDR is just a different way of implementing radio - it can be used for transmitters, receivers or both. The website ones mentioned by "figureitout" above are public receivers useful for those without room for an efficient antenna system or for stations to hear their own signals at a distance.

Whereas a traditional radio receiver uses essentially analogue methods of frequency multiplication, frequency translation and amplification to convert a modulated radio signal down to baseband before either analogue or digital processing to extract and present the information (and the reverse in a transmitter) an SDR is essentially digital all the way to the antenna except for possibly a few broadband amplifier stages. This became realistic for professional users once Analogue to Digital converters and Digital to Analogue converters with sufficient speed to cover the entire high frequency radio spectrum became available in the 1980s (at great cost) and affordable around the turn of the century. As Moore's law has progressed over the years the digital part has also evolved from racks of custom ECL and bit slice hardware in 1980s ELINT and ESM kit to a mixture of DSPs and FPGAs today, so the entire functionality of the radio apart from input sensitivity and (maximum) output power can be defined in software at the point of use.

At a practical level for security purposes this allows complex spread spectrum and frequency hopping stealth methods to be implemented without traditional constraints of PLL synthesisers, and these can be easily changed in the field (unlike traditional solutions that could at best change crypto variables and hop sets). From the monitoring/ELINT viewpoint SDR allows a receiver to do direct FFT spectrum analysis of large frequency ranges in real time without the sweep rate and dwell time constraints of a traditional spectrum analyser or the dynamic range problems of a Bragg Cell electro-optical frequency to space converter.

Hope this helps

Iain


WaelJuly 19, 2014 7:23 PM

@ktj,

Thanks for sharing! Excellent paper. I particularly like the:

Overall, the: otherwise great security of iOS has been compromised... by Apple... by design.
Says a lot.

WaelJuly 19, 2014 7:59 PM

@Max,
My reaction... 21:25? Too old to watch a cartoon for that long, where is the 2 to 3 minute interesting portion of it?

WaelJuly 19, 2014 8:28 PM

@Max,
I speed-watched it...
Cute. Maybe the Matrix took some ideas from there. The worst is yet to come :)

Nick PJuly 19, 2014 10:47 PM

@ Wael

The Matrix is actually inspired by this thought-provoking anime. It's one of the few often enjoyed by those that *don't* watch much anime. The Wachowski Brothers just screened that to the financiers and basically said "we want to do this live action with CG and top notch actors." Was highly successful in that it brought the philosophy and digital physics genre's to a mainstream audience, causing many to start asking the hard questions. And, of course, it inspired the rebel/hacker in us all... until majority of Americans saw the next TV show or movie, anyway.

WaelJuly 20, 2014 12:11 AM

@ Nick P,

The Matrix is actually inspired by this thought-provoking anime
Thanks! I'll watch it the next opportunity :)

Blue Pill?July 20, 2014 4:08 AM

@Nick P

"The Matrix ... inspired the rebel/hacker in us all..."

The foreground action may have inspired the rebel hacker, but some folks overlook the subliminal sucker punch that disempowers at the metaphysical level.

The Matrix put across the idea that true reality is made of a dialectical stuff subject to mental manipulation. By detaching appearance from substance, would be rebels are subverted at the root where action meets being.

When faced with oppression, if given the choice between becoming more virtual or becoming more actual, the Matrix example points in the more virtual direction.

By constrast, military operations take place in primary being which naturally contains and limits the virtual. They can thus be prime movers in a world where Matrix rebels are at best secondary movers.

65535July 20, 2014 6:44 AM

@ AlanS

Re: EO 12333

[The actual text of this Executive Order states it cannot over-ride the constitution and must have Congressional oversight – which is not happening]:

“2.8 CONSISTENCY WITH OTHER LAWS”

“Nothing in this Order shall be construed to authorize any activity in violation of the Constitution or statutes of the United States.”

"3.1 CONGRESSIONAL OVERSIGHT"

“The duties and responsibilities of the Director of Central Intelligence and the heads of other departments, agencies, and entities engaged in intelligence activities to cooperate with the Congress in the conduct of its responsibilities for oversight of intelligence activities shall be as provided in title 50, United States Code, section 413. The requirements of section 662 of the Foreign Assistance Act of 1961, as amended (22 U.S.C. 2422), and section 501 of the National Security Act of 1947, as amended (50 U.S.C. 413), shall apply to all special activities as defined in this Order.”

https://www.hsdl.org/?view&did=1565

And amended EO 12333:

“2.8 Consistency With Other Laws. Nothing in this Order shall be construed to authorize any activity in violation of the Constitution or statutes of the United States.”

“3.1 Congressional Oversight. The duties and responsibilities of the Director and the heads of other departments, agencies, elements, and entities engaged in intelligence activities to cooperate with the Congress in the conduct of its responsibilities for oversight of intelligence activities shall be implemented in accordance with applicable law, including title V of the Act. The requirements of applicable law, including title V of the Act, shall apply to all covert action activities as defined in this Order.”

http://fas.org/irp/offdocs/eo/eo-12333-2008.pdf

It would appear that someone is playing fast and loose with US Constitution and Congressional oversight rules.

I would think violating the US Constitution would cause a lawsuit. Lying to Congress should cause criminal charges!

Where is the enforcement? Is the enforcement hole at the AG level? Is the Congressional oversight hole at the committee level?

Mike the goat (horn equipped)July 20, 2014 8:33 AM

Ilikecrypto: there was a great presentation at DEFCON by a two man team who managed to pwn both a Ford Escape and a Toyota Prius via ODB2/CAN. Perhaps more impressive was that they succeeded in not just spoofing CAN messages (requiring a device to be on the bus doing the injection) but successfully modified the PCM's firmware to make their changes persistent. They pretty much had the cars doing what they wanted - this included uncommanded (by the driver) steering inputs using the servomotors for the park assist feature, disabling of brakes by enabling brake bleed diag mode and jamming of the throttle. They ended up destroying the inverter in the Prius doing the latter much to the amusement of a few in the audience... I am sure the talk is online somewhere.

sena kavoteJuly 20, 2014 12:12 PM

Should anybody who can and who has suitable computer, use internet only from virtual machines? Host OS is mostly a matter of taste as long as it is Linux or BSD. Then put virtualbox VM for (1) tor browser, (2) VM for normal firefox or chrome with flash, (3)VM for youtube-dl / clive / cclive (optionally via tor) and bittorrent, (4) off-line VM for opening risky files and (5) VM for light 3d multiplayer games. Heavy multiplayer games and heavy use of Blender or video editor needs to be on host OS.

Use shared folders with VMs if and when needed to move files to better place in host OS or other VM.

Tails could be best guest OS with tor browser if shared folders are not needed, but it is bit clunky to start and no x86-64.

Maybe revert some VMs to a snapshot after every session.

Also if BIOS has a setting that disables hard disk, use live DVDs while hard disk is disabled. The hard disk disabling setting may be something non-clear like "IDE-mode".

Also, OS booting, system files and settings could be on a 32 GB USB 3.0 stick with big files stored on internal hard disk in encrypted form so that malware can't get to them. I would like so that there is no need to type passphrases because the keyfiles are on the stick and automatically used after booting.

These settings and arrangements can be used by anybody ( grandma, businessman, diplomat... ) if someone else installs and configures them and then demonstrates them from a big TV or projector.


BenniJuly 20, 2014 12:18 PM

I think this is a good article on tor and its relation to the NSA:

http://www.infowars.com/almost-everyone-involved-in-developing-tor-was-or-is-funded-by-the-us-government/

Money quotes:

"In 2012, Tor co-founder Roger Dingledine revealed that the Tor Network is configured to prioritize speed and route traffic through through the fastest servers/nodes available. As a result, the vast bulk of Tor traffic runs through several dozen of the fastest and most dependable servers: “on today’s network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays.”


"In his e-mail, Snowden wrote that he personally ran one of the “major tor exits”–a 2 gbps server named “TheSignal” –and was trying to persuade some unnamed coworkers at his office to set up additional servers. He didn’t say where he worked. But he wanted to know if Sandvik could send him a stack of official Tor stickers. (In some post-leak photos of Snowden you can see the Tor sticker on the back of his laptop, next to the EFF sticker)."


BenniJuly 20, 2014 12:21 PM

So the bottomline is, when you use tor, your traffic is quaranteed to get through NSA servers

BenniJuly 20, 2014 1:03 PM

this happens when you use windows phone 8X:

http://www.spiegel.de/international/germany/expulsion-of-cia-head-a-sign-of-tougher-german-response-to-spying-a-980912-2.html

Steffen Bockhahn, a member of the intelligence committee for the Left Party in the last legislative period, was also apparently targeted in surveillance activities.

On July 30, 2013, Bockhahn's closest associate was on the phone in her house in the northern city of Rostock when the conversation was suddenly interrupted. She was alarmed when she glanced at her display. The phone, a Windows Phone 8X, seemingly operated by an invisible hand, had searched through her texting communications with Bockhahn. Then the device's email program was opened without the phone's owner being able to stop it. According to her account, emails specifically related to the parliament control panel appeared on her display. She insisted that a hacker was browsing through the documents. It may be a coincidence, but at the time the committee had been briefed about the NSA scandal almost weekly in closed-door meetings -- and Bockhahn was one of the most vocal German critics of the global espionage operation.

Nick PJuly 20, 2014 1:31 PM

@ Benni

I recommend you never cite or even read InfoWars again. It's run by a guy whose self-serving fake information is distracting from real issues enough that alternative news sites are even blasting him:

http://www.projectcensored.org/disinfo-wars-alex-jones-war-mind/

(Note: It's got a nice background on him and list of a subset of his lies that didn't prove out despite his "inside sources.")

I'd be interested in seeing such information on Tor if you have it from a reputable source. Your credibility here is good. Sites like InfoWars will weaken it so I warn you.

StarChildJuly 20, 2014 1:50 PM

The Matrix, Ghost in the Shell, etc

Another very likely influences (or extremely paradoxical coincidences) for influences to the Matrix would be: The Invisibles ...

http://en.wikipedia.org/wiki/The_Invisibles

Good writeup on this at Cracked (Scroll down on that first page)

http://www.cracked.com/article_19443_7-classic-movies-you-didnt-know-were-rip-offs.html

Google Play Books now has this online

I would have to argue that, however, to a certain degree the Matrix is also a typical social phenomena, a part of a long trend coming from cinema towards some expansionist thinking

For instance, around the time the Matrix came out you also see two other pivotal movies coming out along the same "reality challenging" lines: Dark City & the 13th Floor.

Before this, Philip K Dick's were making some mainstream success, and invariably has been a huge influence on the "reality challenging" cinema lines (or books)

Tracking back some of the core concepts, however, you can see a lot all the way back to (at least) Plato's Cave. Though there are also reflections of "reality may not be as it seems" concepts in numerous (if not all) religions, especially such religions as what the aborigines had on the dreaming.

(A stream of thought that goes distinctly against the pure materialistic viewpoint of the Greek atomists, and modern materialism, though not necessarily against modern quantum and astrophysics.)

(Definitely these sorts of concepts are held up by the latest psychology, very good books on this: incognito, willful blindness, and the invisible gorilla)

On the Matrix & Social Change

I think that key social change does require severe paradigm shifts within individuals and groups. I do not believe that ultimate change towards the better is through the violence depicted in the Matrix, but is by the metaphor of conflict -- which I do assert is one of the real big draws to conflict in movies, as most people surely do not get involved in gun fights, but all are routinely involved in conflict.

The Matrix and Ghost in the Shell have been mainstays among hackers, though by far my own favorite anime is Death Note.

On Social Change and Metaphoric Calls

A coincidence, but I just finished the "Last 24 Hours" on Jim Morrison, and found it amusing when they pointed out that the FBI was all over him because of some lyrics which called for revolution. While this depiction of Jim was different from others I had seen, with differing accounts, it did keep up a singular thread that despite these lyrics Jim was not calling for societal change nor violence, but individual change.

In other words, you can probably find your self on a list just for talking about personal and social psychological change... because the capacity for groupthink authorities to understand sarcasm or appreciate groups other then their own: is very low.


StarChildJuly 20, 2014 2:21 PM

@BluePill?

"By constrast, military operations take place in primary being which naturally contains and limits the virtual. They can thus be prime movers in a world where Matrix rebels are at best secondary movers."

I think that is seeing the glass half empty.

It is true, as "the free world" inches more and more towards Authoritarianism, the chance for social change grows increasingly dim. Democracies do have a severe problem with doing this, however, as historically it is difficult for them to forget the well worked out principles of their various revolutions, the Cold War, and the Second World War. ("The war against terrorism" here might also be included, though the sad reality is that this has become their recent, favorite excuse.)

This situation appears very grim, for while they are saluting "liberty" and pretending to hold to the basic concepts of it, it is very clear that is increasingly "just something they do for PR". Behind closed doors, as Snowden and others have revealed, they are anything but pro-liberty, and in fact, actually extraordinary hypocrites with very authoritarian ambitions on their mind and heart.

This sort of vast... hypocritical.... disconnect for large groups is by no means new. It was a mainstay for the authoritarianism in the west's religious empire, and strongly apparent in both Nazism and Communism... though I do believe both of those systems did not have as much truth, by any means, as modern democracies have held (ever so briefly) and are now utilizing as a cover, a guise, for their rotten direction.

Point being: words can potentially be far more hurtful to their directions then weapons. A remaining free press, rights to free belief, personal rights in regards to unreasonable search and seizure, and so on also helps keep that fire alive.

This is what I meant above on "there is such a thing as truth", and why I do believe that "propaganda" is invariably a far weaker social weapon in comparison.

While there is much bad to say about this "information age", we have seen some strong breaks in the cloud to continue to give hope: no small part of that is the capacity to expose and so bring well deserved shame and meaningful global condemnation against parties guilty of truly deep wrongs.

No small reason for this is past wrongs exposed: Hoover, Hitler, Stalin, Pol Pot, societies where rape is condoned, Abu Gharib, My Lai, Guantanamo Bay... and so many others. The recent shooting down of a plane full of AIDs workers. There is nearly some new addition to the growing global definition of "wrong" everyday.

And ultimately, I would argue that there is merit to the very simple equation that being wrong is equivalent to true stupidity, worthy of very painful shame.

Though I would be lying to say I believe the odds are good the world will continue in this sort of positive direction. While the capacity to expose them is much greater, their capacity to keep secret the deeds they so desperately want to hide is also much stronger.

Iain MoffatJuly 20, 2014 2:44 PM

@Sena Kavote: Johanna Rutkowska has done something rather like your multi VM solution using Xen and some specific code to integrate the VMs and provide somewhat secure data transfer between them - https://wiki.qubes-os.org/ - it's on my to do list to build a PC with Qubes and try it.

I have done something similar with various "Live CD" linuxes on top of VirtualBox with no assigned permanent storage in the VM since Knoppix and VBox were new, for most of my general browsing and research to reduce the risk of the host OS picking up any drive by infections but I think you would ideally need to build applications like the browser and mail client as VMs so it "seems like" starting the normal tools, to make it usable by a wider unskilled user base. Tails is actually quite a good functional Live CD for this purpose even if TOR is not needed.

Iain

Nick PJuly 20, 2014 3:36 PM

@ sena

Iain beat me to it saying QubesOS is about what you're asking for. There's also commercial solutions from Green Hills, VxWorks, LynuxWorks, General Dynamics, Sirrix, and more that do this. However, the reality of their security is they provide an isolation mechanism and aren't targeted much. It's similar situation to how Mac's rarely had viruses. So, essentially you just use the easiest option for running a web browser isolated from your main system. It can be a LiveCD, a virtual machine, a specialized platform like Qubes, a browser sandbox such as Sandboxie, or a hardened browser on an old PowerMac (non-Intel processor).

Nick PJuly 20, 2014 3:40 PM

@ Iain

I know I've said it before but I *really* miss the HD's with a write protect switch. If integrity was the main concern, one could use whatever he or she wished so long as that switch was in read-only position. Reboot and poof the virii are all gone. :)


BenniJuly 20, 2014 4:24 PM

@Nick P

I did not knew who runs inforwars, but I think he merely quotes statement like this here is from prof. dingledine, and this is the reputable university professor who is mainly responsible for tor:

https://lists.torproject.org/pipermail/tor-relays/2012-July/001433.html

"But lately the Tor network has become noticeably faster, and I think it
has a lot to do with the growing amount of excess relay capacity relative
to network load:

https://metrics.torproject.org/network.html?graph=bandwidth&start=2010-06-01&end=2012-07-21#bandwidth

At the same time, much of our performance improvement comes from better
load balancing -- that is, concentrating traffic on the relays that can
handle it better. The result though is a direct tradeoff with relay
diversity: on today's network, clients choose one of the fastest 5 exit
relays around 25-30% of the time, and 80% of their choices come from a
pool of 40-50 relays."

https://trac.torproject.org/projects/tor/ticket/6443"

What prof. dingledine says here is that an agency just has to get into the list of the 5 fastest exit nodes and must operate 40-50 relays to see very much.

well, I do not know much of tor, but with an adversary like the NSA, what dingledine says here poses a security risk, if tor has still such a behavior. Dingledine said this in Mon Jul 23 18:58:54 UTC 2012

At the same time, when you read this tor stinks slides, then you will find statements like:

http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document


"Critical mass of targets use Tor. Scaring them away might be counterproductive.
We can increase our success rate and provide more client IPs for individual Tor users.
We will never get 100% but we don’t need to provide true IPs for every target every time they use Tor."


So they really have the desire at NSA/GCHQ to use tor as honeypot. "Scaring them away might be counterproductive", as they say.

And we have this information from the tor stinks slide

"Gchq runs tor nodes under newtons cradle. How many? on p. 4

and on p. 20:

"How many nodes do we have cooperative access to? Can we deploy similar code instructions to these nodes?"


So these guys, whoever they were, who wrote the TOR stinks presentation did not even have the clearance to know how many nodes the GCHQ operates.....

Probably, there is information on tor at NSA/GCHQ that is quite well protected. And this should indicate that some suspicion with respect to tor is quite healthy.

It maybe tor is just to give them some computing work, but not much beyond that.

This is not news but it is something, that is openly available in non classified research:

http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

Our analysis shows that 80% of all types of users may be de-anonymized by a relatively moderate Tor-relay adversary within six
months. Our results also show that against a single AS adversary
roughly 100% of users in some common locations are deanonymized
within three months (95% in three months for a single IXP)


If you just put the information on this study at the tor project newsfeed, then they will answer you with this:

"Here's some more reading:

https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters

That's the response and explanation for the research paper you cite. It *is* a big deal, but it is not necessarily a fundamental problem with the Tor design."

Not a fundamental problem with the tor design?

Well what is in the link that the tor project gives as answer:

" Secondly, their scenario has the adversary control the Autonomous System (AS) or Internet Exchange Point (IXP) that maximally deanonymizes the user (they exclude the AS that contains the user and the AS that contains her destinations). This "best possible point to attack" assumption a) doesn't consider how hard it is to compromise that particular part of the Internet,"

And that is quite funny.

Since I know at least one "internet exchange point IXP, where they are making a full take. And this is just the worlds largest IXP today.


Germany's g10 law says that they can make a full take of 20% of the network capacity of a provider. At the hearing of the NSA investigation comission of the german parliament, the judges noted that 20% of the capacity of the largest internet exchange point in the world, de-cix is around its current maximum load of 3.4 Tbit/s, see p. 13:

http://www.bundestag.de/blob/280844/35ec929cf03c4f60bc70fc8ef404c5cc/mat_a_sv-2-3-pdf-data.pdf

But not only de-cix is copied by ND but they also copy from other providers:
http://www.spiegel.de/spiegel/vorab/bnd-laesst-sich-abhoeren-von-verbindungen-deutscher-provider-genehmigen-a-926221.html

And that BND indeed makes a full take if it copies, this was admitted by the german government:

http://goo.gl/jsh7BZ "Hierzu fordert der BND gemäß § 2 Abs. 1 S. 3 G10 in Frage kommende Telekommunikationsdienstleister auf, an Übergabepunkten gemäß § 27 TKÜV eine vollständige Kopie der Telekommunikationen bereitzustellen." in english:
"For this, BND demands, according to article 2 paragraph 1, sentence 3 G10, from the telecommunication providers in question to provide a complete copy of the telecommunication data at the handover points according to article 27 TKÜV."

That the internet exchange point de-cix is among the providers that are forced to provide a copy to BND was admitted by de-cix operators to the german computer magazine C't: http://goo.gl/PAXT8Z

So it is no wonder that there is a strange coincidence between the maximum load of 3.5Tbit/s at the world's largest internet node de-cix, and the NSA's project Rampart-A, which is advertised as having a network load of "more than 3 Tbit/s":

http://goo.gl/UqfUFg

BND shares its data with NSA. So NSA/BND/GCHQ can certainly monitor a large fraction of IXP's.

But in order to work, the attack in
here: http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

needs more. The authors write:

"When considering autonomous systems as adversaries, those with
the capability to deanonymize Tor traffic are those which exist upon
the AS path between the client and guard as well as between the
exit and destination."

So monitorin the IXP does not suffice, they have to monitor the exit nodes.
Well, but I must admit, I am not a tor expert. But if you add to this, already very fragile situation, the statement of dingledine:

""But lately the Tor network has become noticeably faster, and I think it
has a lot to do with the growing amount of excess relay capacity relative
to network load:

https://metrics.torproject.org/network.html?graph=bandwidth&start=2010-06-01&end=2012-07-21#bandwidth

At the same time, much of our performance improvement comes from better
load balancing -- that is, concentrating traffic on the relays that can
handle it better. The result though is a direct tradeoff with relay
diversity: on today's network, clients choose one of the fastest 5 exit
relays around 25-30% of the time, and 80% of their choices come from a
pool of 40-50 relays.""


then that becomes toxic. It is very easy for NSA to provide the 50 fastest and most stable tor relays and the more than 5 extremely fast exit nodes.

And this are exactly the ingredients that make the attack in
http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

a working model.
In this wired article, http://www.wired.com/2014/05/snowden-cryptoparty/ it is written that:

"Most of those relays are run by volunteers, and the pre-leak Edward Snowden, it turns out, was one of them. (Through his lawyer, ACLU attorney Ben Wizner, Snowden declined to comment for this story).

In his e-mail, Snowden wrote that he personally ran one of the “major tor exits”–a 2 gbps server named “TheSignal”–and was trying to persuade some unnamed coworkers at his office to set up additional servers. He didn’t say where he worked. But he wanted to know if Sandvik could send him a stack of official Tor stickers. (In some post-leak photos of Snowden you can see the Tor sticker on the back of his laptop, next to the EFF sticker)."

wired is no conspiracy journal. I think there is not much doubt that the NSA runs major tor exits, one of which is called "the signal", because the NSA can get much signals intelligence from tor.

It is like in the tor stinks presentation:

""Critical mass of targets use Tor. Scaring them away might be counterproductive.
We can increase our success rate and provide more client IPs for individual Tor users."

Nick PJuly 20, 2014 4:34 PM

@ Benni

Awesome post, references and analysis. Now that's kind of post we need on the subject! :)

I agree that Tor is a risk given the control they have of the network. If they don't own it now, they will in enough time. It's still useful if big TLA's controlling the networks are outside the threat profile. There are *many* such use cases listed on their website. Yet, it can't be trusted if they're what you're protecting against. Offline methods, HTTPS stego, and so on are still best kinds of tactics. The people/messages have to either be invisible to them or indistinguishable from the masses.

Just like Spy vs Spy in the Cold War. ;)

Iain MoffatJuly 20, 2014 5:25 PM

@Nick: Some early USB sticks I had were fitted with a write protect switch - how much safer they really were depends on whether they worked by setting an i/o pin on the USB stick processor or some real hardware r/w line (I suspect the former).

All the current hard disk and memory card interfaces are serial or register based (write command and address to locations X and Y to get back data in location Z) so need bidirectional communication even to read data. As a result there isnt a practical way to insert a real mechanical switch in the way that there was when you had access to the read and write head wires in an MFM disc cable directly. It needs an ATA protocol proxy or "man in the middle" of the SATA or PATA cable that can interpret and rewrite command traffic to actively prevent write commands while allowing reads. I have seen USB to SATA interfaces with a read only option advertised on Amazon and Ebay "for forensic use" at under £50 so someone else had that idea already. Most of the listings seem to look the same as:

http://www.cooldrives.com/index.php/usb-3-0-to-ide-sata-adapter-with-write-protect-selection.html

I'm sure its a software implemented write protect of course, but they should be sufficent to stop any standard issue untargeted malware that expects a writeable HDD with a wide open MBR to make its permanent home in !

Iain

sena kavoteJuly 20, 2014 5:32 PM

@Nick P

Yes it would be good if we had physical write protect switches in all kinds of computers: laptop, tablet, desktop, smart phone and usb-stick. I guess the reason we can't have them is that 0,1% of users would accidentally switch them and then complain loudly that their product is broken.

The switch could be made so that it needs a pin or toothpick.

We could also have read-protect, transmitter, receiver, computing unit off and screen off switches. And physical selector for 4 alternative BIOSes. And special host key for use with virtual machines.

Does Linux kernel or some BSD kernel have support for reading any of those switches so that software can warn the user if something blocked is tried?

With something like kickstarter projects it would be more effective to demand such switches for applicable devices where it makes sense.

With usb sticks and external spinning hard drives we could have the write protection in a special usb hub. That special usb hub that could be called usb-firewall, could also have different ports for mouse and keyboard so that no malicious usb device could spoof them and pretend to be keyboard and mouse, doing something that lets malware in. To add some small extra security, it could also have option to encrypt keystrokes for modified keystroke handlers that decrypt them, so that at least malware has to get around that and be more complex and detectable, especially with remote shells if the keystrokes are decrypted only there on a remote machine. Something like this could also be used against cheating in video games by sending hardware-certified keystrokes and mouse movements to game servers.

Iain MoffatJuly 20, 2014 6:03 PM

@Sena: This is very much part of the same family of ideas as the in-cable disk encryption Nick and I have discussed previously. I think to generalise a bit we are looking at a USB proxy for the HID (Mouse and Keyboard) and Mass Storage protocols with the ability to selectively encrypt the payload and block unsafe or unwanted commands. The other key feature is that configuration must be via a separate connection than the data USB port on the host PC (and better completely independent such as a USB port presenting a Serial UART and a command line interface) so a compromised host PC cannot reconfigure it or access crypto keys.

Iain

SecurityJuly 20, 2014 7:26 PM

@Slime:

Unless one can prove otherwise, I read it was a simple adhoc connection between two individuals, one inside one outside.

Chris AbbottJuly 20, 2014 9:21 PM

OFF TOPIC, Slightly:

Well, cryptography is never off topic on Fridays at this blog, but I had a strange, but possibly useful idea when looking at the PTT button on walkie-talkies. We all know about the benefits of encrypting things on an air-gapped machine before sending them. What if you had a "computer inside a computer", basically, a system where you have a part of the system that cannot connect to the Internet or the rest of the system, that encrypts your communications, puts them in a separate piece of memory, then switches off in order not to be contaminated before the Internet connected system can read them. This seems like it could be a good way to protect you against side channel attacks like key loggers, ect. Does anyone have thoughts on this? I'd like to have input about this idea.

BenniJuly 20, 2014 9:23 PM

"HTTPS stego, and so on are still best kinds of tactics. "

Well, one problem with tor is also that it suggests some security, which is not there. Namely, if you are using the easy to use tor browser bundle with https anyway and so on.

Well, one problem is that websurfing is always a communication with someone (a server) whom you do not know personally. And so you do not have much possibilities to manually verify a given ssl certificate.

On the certificate of your tor browser, you can not trust. the nsa makes man in the middle attack, presenting faked google and yahoo certificates, in project flying pig:
https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html

If they can fake a google certificate that is accepted by your browser, then there is a high chance that they also can fake the ssl certificate of the server you are communicating with.

It is at least highly unlikely that this http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html which worked with internet explorer on yahoo and google and with chrome on google http://msdn.microsoft.com/en-us/library/ff723917(v=expression.40).aspx was their only attempt.

For example, openssl complies Federal Information Processing Standard. And this commission has people like this on board:

In 2004, a random number generator that was deliberately weakened by NSA made its way into a NIST standard: http://goo.gl/NW2ZnJ In short time, academics raised concern that this algorithm was deliberately backdoored. This turned out to be true but at first the claims were dismissed by NIST, with "NIST mathematician" Elaine Baker stating: "We do not have evicence for a [...] backdoor. [..] For this reason we are not withdrawing the algorithm": http://goo.gl/rXnwXz

Mrs. Elaine Baker has the following biography, with the most worrisome detail that she was not only an NSA employee but also worked in international standard comissions, not just american, national ones: http://goo.gl/o2UaCb "Elaine Barker received a B.S. in Mathematics from Central Michigan University. She has been extensively involved in cryptographic activities, beginning at the National Security Agency (NSA) as a mathematician in 1964. [...] In 1983 she came to NIST as a mathematician and is currently acting as a supervisor for the development of cryptographic standards and guidelines in the Security Technology Group of the Computer Security Division. She has been involved with the development of a number of Federal Information Processing Standards (FIPS), American National Standards Institute (ANSI) and International Standards Organization (ISO)"

So these people are also in the FIPS comission, thereby they are also the ones who certify libraries like openssl.


The tor browser bundle has several security flaws. Here is a recent one:

https://micahflee.com/2014/07/security-advisory-upgrade-to-onionshare-0-4-immediately/

"This is a serious vulnerability because the recipient can use it to deanonymize the sender by forcing webkit to load a resource on a website that the attacker controls. This resource will be loaded over the normal internet, not Tor, so the receiver can check their web server log to find the sender’s IP address.

Additionally, I’ve discovered that the version of webkit that comes with Qt4′s QtWebKit framework is scarily old, and doesn’t get automatic webkit updates. It’s possible that there are year-old public webkit exploits could be used by the receiver to not only deanonymize the sender, but escalate to arbitrary code execution."


The conclusion of all this is that against an adversary like NSA/BND/GCHQ you can not trust the tor browser.

So anything that is communicated over tor must additionally be end to end encrypted via pgp or some other application, and it must be send to a person that you know personally enough to manually be able to verify his/her signature.

This basically means that in order to escape an adversary like the NSA, you have to stop to browse the web, where you constantly keep communicating with servers that you do not personally know.


Retroshare http://retroshare.sourceforge.net/ can be run over tor, and is able to end to end encrypt the remaining communications like voip,chat, forums,email and file exchange with pgp, but then, retroshare's sourcecode did not yet underwent a security audit from an independent group like it now happens with truecrypt...

Since the guys at NSA have the "sniff it all" and "exploit it all" as their motto, people now basically need an education how hackers classically exploit sourcecode. And then one has to skim through the sources of the programs that we use.

I myself know a bit C, but currently I have a book on hacking techniques on my desk. And it is scary how easy you can overlook it, when some lines in C code are written in a way that can be easily exploited.

Never would have thought that it is that easy to get a root shell on linux......

And it seems that one has to use C since otherwise, one is easily using some high level librarys, and does not even recognize that the exploit is not in your own code, but in the libraries you use that were written by someone else....


Chris AbbottJuly 20, 2014 9:27 PM

@Benni

I'm re-learning C. Haven't really used it much since high school, but .NET sucks. I just started coding again recently, using .NET. It's fairly easy to code with, but, .NET code seems to be incredibly slow.

Chris AbbottJuly 20, 2014 9:36 PM

And also:

I know C has major problems, but I still trust it more than .NET libraries. Writing stuff in C and compiling with GCC seems safer than anything else, if you want efficiency.

Nick PJuly 20, 2014 10:03 PM

@ Chris Abbott

C is one of the worst things you can do for safety. I show why language choice impacts security greatly here. Ada, the Wirth languages (eg Pascal/Oberon/Modula), PL/S, Java, and the ML family are all much safer. Each of these have been used to write system code with good performance. All but ML have been used in OS's. (examples) The best option is to use something like Ada, Free Pascal, or Active Oberon. Secure runtimes or FFI's can be made if they're a concern, along with modifications to their compilers to prevent/contain common attacks.

If it sounds like work guess what: building real world and secure apps in C is more work. A least the work you put into a safe, high performance language will keep paying off, eh? ;)

sena kavoteJuly 20, 2014 10:08 PM

Re: TOR

It would be great to hear what people like Cenk Uygur of the young turks say about the endless speculation that tor is nsa plot because they got money from US government.

Even if it is, being more protected from China and Russia should be enough reason to use TOR, and also tor being nsa plot would be so super secret that they could not use the info got that way so often, so clearly and so credibly. Even if the info can be given, but if the reason for having the info can not be given to, for example, a CIA agent, a general, a prime minister of other country or a police officer, then there is going to be less trust that the info is not a lie or not based on misunderstanding.

It is possible to exclude any exit nodes by editing a configuration file. Maybe we in the relatively free countries should leave the most likely NSA nodes for those countries that mostly just try to circumvent censorship while privacy being secondary. We could have a script that edits the config file based on our country.

As could be guessed, at least NSA spies directory authorities, so would it make sense to get a file containing the tor node info, from torproject.org mirror sites and other web sites? Maybe a file that has nodes only from a continent size area to get first node for first hop?


Re: Qubes

I intend to install Qubes on hardware sometime... That may not be possible or easy enough with current hardware compatibility, and then I would wait for updates before trying it again.

Assuming it works, both the approach I described and Qubes have upsides and downsides. For example, I don't like using Fedora with Qubes, I want my favorite distro.

Nick PJuly 20, 2014 10:20 PM

@ Chris

re encrypted communications

I'm going to try to answer your question but the post is a bit confusing. Could you clarify what the use case is, what security goal your wanting to achieve, and elaborate on the design?

A preliminary answer to what I think you're asking is you can do such a design. The simplest version was one of my earlier secure computing strategies: several cheap computers with controlled interfaces and a KVM. A very isolated computer handles the sensitive information. The other computer just stores or transports it in encrypted form. They communicate over a simple interface where the isolated computer checks all incoming data, assuming it's not trustworthy. The TEMPEST companies just started making something similar, with the addition of TEMPEST hardware and vaults of course.

The software version of this is seen in MILS and other separation kernel architectures. Google Nizza security architecture by TU Dresden. They built prototypes like eCommerce that are on a LiveCD. They use a trusted GUI subsystem (Nitpicker) to ensure you know what you're looking at and it's the only thing getting your input. They then split the system into security critical components running directly on microkernel (low TCB) and non-critical components running in a user-mode virtualized Linux. The microkernel uses address spaces to separate them in memory, then allows more specific communication via IPC. So, if you don't want something to touch your data, you just ensure it's in a different partition. If you want smallest TCB, you code component directly on top of microkerenl. And L4Linux are very lightweight, fast containers. Btw, OC.L4 is the security-oriented one, Perseus Security Architecture (Turaya kernel) is Nizza-like, Nova microhypervisor is similar, and Genode project builds on this model a bit too. Separation kernel protection profile that Green Hills INTEGRITY-178B is certified against defines many good requirements and features, as well.

There is a middle option in hardware, though. These leverage functionality between processor and devices/memory to compartmentalize things. Air Force's HAIPE prototype uses FPGA's in front of memory to encrypt it differently per Xen VM and control I/O access as well. SecureME, SecureCore, Aegis, etc encrypt and integrity check anything that leaves the processor considering the whole system untrustworthy. They then provide a way to do controlled sharing. Then, the good old segmented and capability systems I've been posting can do that at the processor level just by limiting access to specific memory locations.

So, there's many proven systems, prototypes, and designs on paper to do this sort of thing. Believe it or not, we're experiencing no shortage of solutions. The only shortage is in effort of commercial and open source developers applying the solutions we have. ;)

Mr CJuly 20, 2014 11:38 PM

I agree with Nick P re: InfoWars; it's run by a known charlatan.

----

Re: Tor
Based on this paper (http://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/13-1231-2077.pdf), it certainly sounds like under the current state of affairs an attacker can:
1. Run an exit node.
2. Run a fast node and wait for it to get set as a guard.
3. Spent a few months correlating traffic.
4. Deanonymize most users.
So, I suppose it's still better than nothing, but it would be a mistake to believe it keeps you anonymous against an NSA-grade attacker.

BenniJuly 20, 2014 11:44 PM

@sena kavote

"Even if it is, being more protected from China and Russia should be enough reason to use TOR, "

Are you joking? Tor is an anonymizer. If you are websurfing from US soil, the chinese or russians have no way of tracking really you, since they are pretty much restricted to their own soil, and the external IP that they see should be changed by your internet service provider after a week.

If you are websurfing with tor, the chinese hackers almost certainly have their exploits for the tor browser bundle (which is a modiefied firefox) as ready as the other agencies. So when they want to attack, they hack even into the firefox modification from the tor browser bundle.


If you are using tor within china, then they chinese services are certainly being able to de-anonymize you since they must be assumed monitor every server there

There are people requesting a tor feature in retroshare. And then a chinese dissident immediately complains:

http://retroshare.sourceforge.net/forum/viewtopic.php?p=9014&sid=a5e29229901bf038811a41d5e23cdce6#p10639

"I used to use TOR from China. It worked quite well for a time, until the censors found out that the servers and/or relays were easily obtained in the TOR website. Then, TOR set up to get "relays" which one could obtain by writing an email which was automatically replied with three or so relays. This too worked well for a time, until they caught up with it, and after that, I could use TOR for about 3 days, after which, it no longer worked.

I now use a VPN connections, and I've rarely had any problems. So, TOR an an optional add on, is probably a good idea, but not included as an automatic feature. Users should be able to choose."

So, thats how state actors china deals with tor. By either monitoring or just simply closing every server that runs this. And I do not want to know how they treat people in china who run tor relays or tor users whom they caugth by monitoring their tor network and exploiting....


tor was designed by the american secret services and armed forces so that their services could make collection and even hacking http://www.smh.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html?page=fullpage#contentSwap1

without being identified by targets which are single persons or companies, who do neither monitor entire IXP's nor run several exit nodes.

Against a state actor like the chinese services, or NSA/GCHQ/BND tor was never been built. Given the above problems that the above mentioned dissident in the retroshare forum had with tor, it is highly questionable, whether tor is of use in china.


WaelJuly 20, 2014 11:46 PM

@Mr C,

So, I suppose it's still better than nothing, but it would be a mistake to believe it keeps you anonymous against an NSA-grade attacker.
Yes! Stated another way: What's worse than being insecure? Thinking that you are secure!

BenniJuly 21, 2014 1:51 AM

"So, I suppose it's still better than nothing,"

Well, and the problem with this is that the folks at NSA want to use tor as a honwypot. And once they succeed in that, tor would be dangerous.

As they state in their "tor stinks" slide:

"Critical mass of targets use Tor. Scaring them away might be counterproductive.
We can increase our success rate and provide more client IPs for individual Tor users."

their problem is that during the upstream collection, they just get so much information, they have difficulties finding their interesting targets.

Compared to a) listening to all and every call, email and connection that is made every minute, de-anonymizing tor is an easy effort since their project a) is definitely impossible for them.

And now you have the FBI, which shares NSA data....


What we would need is an update, how far they really are in their project of using tor as a honeypot.

Unfortunately, the tor stinks slides were written by guys who wrote:

""Gchq runs tor nodes under newtons cradle. How many? on p. 4

and on p. 20:

"How many nodes do we have cooperative access to? Can we deploy similar code instructions to these nodes?"


So this was writen by people who in fact had not the necessary security clearance, or because other reasons, they did not know how far NSA and GCHQ really are in operating tor relays, monitoring the tor network and thereby abusing tor as a honeypot.

So there is something missing in the slides, where we urgently need some update information.

How far are NSA/GCHQ/BND and the likes at doing this attack?

http://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/13-1231-2077.pdf


WaelJuly 21, 2014 2:28 AM

@Nick P,

several cheap computers with controlled interfaces and a KVM
And I just happen to have the right subverted KVM for you on special sale just to transgress into your trust boundary :)

tim#3July 21, 2014 4:10 AM

Similarly to manual typewriters being adopted, today’s edition of The Times (sorry no link as I bought a paper copy) reports that the police in London are advising owners of high value cars, including BMWs and Range Rovers, to use mechanical steering wheel locks as thieves have worked out a way to steal these cars very easily and quickly. All the stolen vehicles (dozens this month) have keyless ignition- manufacturers are investigating but I presume they have little to go on bar a lot of empty parking spaces.

Mike the goatJuly 21, 2014 7:50 AM

Nick: ... and yet I can't stop listening to Jones' syndicated radio show. There is something amusing about insanity personified. What's more interesting is that he has several people with deep connections to Stratfor on his "team" - which is curious considering his continued stance against the US military-industrial complex. Seems like a disinfo op to me.

mj12July 21, 2014 8:53 AM

@Benni


but currently I have a book on hacking techniques on my desk.

Just out of curiosity: which one?

IncredulousJuly 21, 2014 9:10 AM

Re: "Safe" languages

I'm finding Go to be an excellent and safer alternative to C, while still retaining that minimalistic C feel. It has great libraries and the ease of use of python, but it puts everything you need to run your app in one executable, no environment need be installed. It has straightforward concurrency that minimizes the typical issues that arise. I think its streamlined version of object oriented programming is much more practical than the elaborate confusion of java and C++.

Risky operations are possible in Go only if you use explicitly unsafe features. I've never seen the need to do so directly, but some use of these operations are probably necessary when linking in C libraries, which is the solution of first resort when integrating Go code with existing libraries, although many are eventually ported to native Go.

I'm pretty old, but the Algol/Pascal/... family seemed dated when I was auditing at NYU while in high school. I have to admit that I spent years in unix/kernighan/ritchie/thompson/pike worship and I still have not recovered fully. I'm sure that I am massively biased. Are the algol family fans here mostly European?

Mike the goat (horn equipped)July 21, 2014 9:16 AM

Incredulous: Pascal and REXX were some of the first languages I learned, only picking up C a bit later down the line and really only learning it to enable analysis and auditing of existing software. I really like the look of Go... As far as interpreted languages go I love Bourne shell and perl, but I guess it so often turns into a religious debate when discussing the merits of different programming environments. I think if you are sensible you can code safely in almost any language. Hah. But maybe not PHP :-).

carolinianJuly 21, 2014 10:55 AM

A Tor question...about commercial blocking of relay node IPs

I read Cory's Little Brother and Homeland last week and, after running over to the grocery to stock up on tin foil, I decided to support free speech by running a Tor relay from a server on my LAN. I have plenty of bandwidth, a spare box, and middling skills.

The first sign of trouble was that Hulu stoped working with a 'stop using anonymizing software' message. Then ABC news. Then I couldn't log on to my banking site ('Unauthorized Access'). A few days later I wasn't able to renew domains at Networksolutions ('There's a problem with your credit card').

What I've learned is that many sites routinely scrape the publically available lists of Tor relay nodes and simply blacklist the IPs. There are service sites on the web such as https://www.dan.me.uk/tornodes to faciliate this (as well as reverse DNS services that rovide the same functionality for one-off lookups).

Tor itself by design provides lists of nodes in the network (which seems to me to be a glaring flaw).

All of that as a caution to anyone considering lighting up a Tor relay. During my initial research the emphasis was on exit nodes...no one really indicated that relay nodes would also fall under scrunity and denial.

And the question: Apart from buying cycles on an Amazon instance to run a relay so that my own internet-facing IP isn't blocked, is there a way to both run a relay node and avoid retribution?

Nick PJuly 21, 2014 11:34 AM

@ Wael

I bet you do. What you don't realize is that my operatives already subverted your tools to (a) neutralize your subversions once they're in my hands and (b) automatically send copies of your intellectual property to me so I can patent them first. Now you're wishing you didn't get into the subverted KVM business, eh? :P

@ Incredulous

Go has nice attributes. I didn't include it because I wasn't sure how minimal its runtime can be made. Can it be used for OS software? It's funny you mention ALGOL because Go *is ALGOL*. It seems like I wasn't the only one trying to use old IT to solve modern problems. ;)

@ Mike the goat

re languages

Pascal is a fine choice. Perl... will not enter my repositories. I used to love coding in it until I had to work on 3rd party code. This helped me understand why it's called a "write-only language." Perl was henceforth banned from projects where the code might require human understanding later on. It was replaced by Python and 4GL's. Then, everyone lived happily ever after.

re Jones

I try not to listen to anything designed to mess up my mind. It's why I also stopped watching mainstream news. Jones has been accused of being a disinformation agent, before. This was in a video someone put on YouTube of a so-far-successful protest about some issue. Then, Jones shows up with a megaphone standing next to them shouting all kinds of crazy stuff. People stopped showing any interesting in the group and the police got more interested in getting rid of them. The effect is a good protest is turned upside down by the "help" of Jones.

He tends to corrupt any topic he touches. Add that he *does* sometimes have inside sources to sprinkle interesting stuff in between his BS and disinformation artist seems possible. He also might just be doing it himself for money and notoriety. Who knows.

WaelJuly 21, 2014 11:56 AM

@Nick P,

What you don't realize is that my operatives already subverted your tools...
Ha-ha! You have your little league of private "Snowdens", then! Nice!

AnuraJuly 21, 2014 12:09 PM

@carolinian

If you are going to run any Tor node, relay, entry, or exit, you should get a second dedicated IP address from your ISP that is used only for the Tor node, which may not be available for a residential connection, so you would have to get a business service. You can run an exit node at that point as well, but you are probably aware of the potential problems with that (DMCA notices, warrants, etc.).

AnuraJuly 21, 2014 12:18 PM

What I wonder is how many Tor relays and exit nodes there needs to be for it to be infeasible to continue blacklisting them. 100,000? 10 million? 100 million? If every home on earth used Tor, no one would be able to block it (although it would cut internet throughput significantly).

carolinianJuly 21, 2014 12:49 PM

@Anura the underlying problem is the network...it was never intended to be secure. We keep trying to add layers of security to it, but it's like trying to build a boat on top of cabbages. You can stack up as much boat as you like, but cabbages just don't float that well.

A green-field network architecture designed for privacy and security is the answer, but we can barely get IPv6 rolled out after, what, 15 years? Maybe mesh networks will work, at least in populated areas.

And until we have 200 million Tor nodes, running one is a red flag. The site I referenced earlier claims to be 'a full TOR [sic] nodelist no more than 30 minutes old'...there are only 5,996 nodes worldwide on the list.

BenniJuly 21, 2014 2:19 PM

@Vas Pup:
There is a gpl program Mediatekview, that could download the video as a file, like all streams of german tv programs but no, german television usually do not translate their videos. the video has german subtitles, but that is all.

@Anon
regarding Ios, there is this funny innocent bug: Before some time you could 1) Get an Iphone in germany (thats the country where the 9/11 attackers were from). 2) set the geolocation feature off 3) Now ask siri for various world religions. If you say "Christentum" or Christianity, Siri will open the wikipedia page on that. Finally you can ask Siri about "Islam". Well and it will say: "Verrate mir zuerst wo du bist. Stelle dazu das feature lokalisierung ein". in english: "First, tell me where you are. For this you have to put the geolocation feature on".........

Here is the demonstation: http://www.youtube.com/watch?v=7oIzT6GB_l0

However, after this made became public, apple fixed this "problem"


AnonymousBlokeJuly 21, 2014 2:24 PM

Tor Nodes Blacklisted:

Commercial Network Security companies are largely behind this. As a corporate security guy, I do find the rules good (though not my area of security, exactly). There are also services, companies, that focus on this sort of product.

The main threat is: insiders punching through corporate firewalls, and then, of course, hackers coming at your networks from the other way.

Another selling point for corporations I have heard is that a lot of malware relies on Tor.

Tor Being US Gov:

http://pando.com/2014/07/16/tor-spooks/

Seems legit. I had thought that Dingledine, further, was part of that "red team" of high school students who were put into a special NSA program, the same one which had other comp sec luminaries: Charlie Miller, Dave Aitel, and Jamie Butler.

Though the Snowden papers do seem to imply they were breaking Tor, not that Tor was already broken. I do believe it is very feasible the government *may* have actually designed it for security they would find difficult to break. BUT! On saying that "out loud", I feel it is actually ludicrous to state.

So... how did they really design it to be broken, I wonder...

BenniJuly 21, 2014 2:37 PM

News from the guardian:

http://www.theguardian.com/world/2014/jul/21/government-agents-directly-involved-us-terror-plots-report

Government agents 'directly involved' in most high-profile US terror plots

Seems that the US agents have learned pretty much from their german counterparts.

You know in eastern germany, after the fell of communism, the people figured that this communism was it which made entire regions poor. And so strong right wing extremist groups emerged.

Well, and the german domestic intelligence service "Bundesmt für Verfassungschutz" needed to "infiltrate them"..

For example, there is this right wing party NPD, which is a very dangerous Nazi party. The german politicians went to germany's highest court, in order to forbid this extremistic party. And the judges noted, this could not be done, because the section of the NPD in the german state Nordrhein Westfalen was even LED by a spy from the Bundesamt für Verfassungschutz. And there were assumed to be many other spies within the NPD, so much that the court could not forbid the extremist party

http://de.wikipedia.org/wiki/NPD-Verbotsverfahren_(2001%E2%80%932003)#V-Mann-Skandal

Then, the death of two right wing terrorists revealed that there were even right wing terrorist groups working in the underground, randomly killing turkish and other foreign people.

In the process at the court against the last surviving member of the right wing terrorist, it came out that there was a spy from the Bundesamt für Verfassungsschutz. And this spy regularly gave government money to the right wing terrorists:

http://www.mdr.de/nachrichten/brandtnsu100_zc-e9a9d57e_zs-6c4417e7.html

Of course the same german spy is now in Jail, because of procuration and child abuse

I think this US headline "Government agents 'directly involved' in most high-profile US terror plots" is a nice first beginning.

If rhe US services really want training from professional agents, they should come to germany, to the "Bundesamt für Verfassungschutz". There, they can learn from professionals, how to "infiltrate" extremist parties and groups so thoroughly that you can not even legally prosecute them because most of the "extremists" are spies......


name.withheld.for.obvious.reasonsJuly 21, 2014 2:45 PM

For(th) some reason I keep going back(tracking) to Prolog...
Wirth has my respect, and, for sheer "IT JUST WORKS!" Fortran 77, 95, and Watfiv fill the bill.

But, who can deny COBOL--the most predigious language every constructed. The only HLL that produces small object code than the source. It truly is an exercise for the hands and the keyboard. But hey, what could go wrong with COBOL (SNOBOL?).

AnonymousBlokeJuly 21, 2014 2:56 PM

@Nick P

I have finally responded to that thread on espionage, if you want to check it out. Definitely has been enjoyable to me to be able to kick the ball back and forth with you. Very strong intellect, and very strong and wide range of comp sec knowledge, I must say.


@ Benni

There was a really good movie about infiltrating German Neo-Nazi groups, I think, quite a number of years back...

... here it is, the Infiltrator, yeah, IMDB again...

http://www.imdb.com/title/tt0113398/?ref_=fn_al_tt_2


... interesting article....

What really bothered me and still bothers me because it is in the realm of computer security is the FBI stratfor hack.... and other bad stuff:

Exclusive: How FBI Informant Sabu Helped Anonymous Hack Brazil
http://motherboard.vice.com/read/exclusive-how-an-fbi-informant-helped-anonymous-hack-brazil


How an FBI Informant Helped Orchestrate the Hack of an FBI Contractor
http://motherboard.vice.com/read/how-an-fbi-informant-helped-orchestrate-the-hack-of-an-fbi-contractor

How an FBI informant orchestrated the Stratfor hack
http://www.dailydot.com/politics/hammond-sabu-fbi-stratfor-hack/

BenniJuly 21, 2014 3:07 PM

@Anonymous bloke:

So... how did they really design it to be broken, I wonder..

Well, tor was not build against a state actor monitoring the entire net.

It was build that NSA agents could read soviet internet sites, without getting into headlines like "On my blog, I have three dozens of CIA personnel reading it everyday"

And for this, tor is still doing an excellent job. It does an excellent job even against companies like google tracking you.

This is stated by the tor project itself, it was a tool designed for open source intelligence. And it is used even if they hack into single targets, like companies, embassies or individuals as the gchq toolset of jtrig shows.

Also, it can be used if you communicate for short time, so that they do not get the time needed to make their correlation analysis (this attack will cost them some days, as the academic paper I quoted above says)

tor was never built to protect against an agency where, according to Binney https://netzpolitik.org/2014/live-blog-4-anhoerung-im-nsa-untersuchungsausschuss/ around the year 2000 "we created a network graph of the entire world where we could zoom into parts and monitor sub networks and calls as desired"

Of course, they have not built tor to protect against themselves....

But the aspect is there:

When you have an upstream collection of 3.4 Tbit/s you somehow need to find interesting targets. And these are ones who try to encrypt something (Cryptographers are prime targets, says Binney in the above link on the question whether somone who is occupied with encryption in germany could become a target) or people who want to stay anonymous for some reason. Binney says they would be very interested in journalists, wanting their source, and dissidents as well...

And that pretty much seems like a large part of the target customer list of tor.

One would need more details, reports on talks at the US navy or the NSA or darpa at the time tor was first developed, in order to determine whether tor was deliberately build for marking targets for NSA.

But perhaps this is not important at all. Important is that they WANT to use tor as honeypot, as they say in the tor stinks slide:

"Critical mass of targets use Tor. Scaring them away might be counterproductive.
We can increase our success rate and provide more client IPs for individual Tor users."

And therefore an effort to use tor as honeypot is certainly under way. We just need to know how far they went achieving this. Slides from agents who say that they do not even know how many tor relays NSA/GCHQ operate do not help much here, unfortunately.


BenniJuly 21, 2014 3:23 PM

@AnonymousBloke

A film on an infiltrator, saying "He is their worst enemy" is a completely wrong picture of what happened here. I have not seen the film, but its cover suggests a wrong picture.


Again: We have german "spies" leading!!! the Nazi party, and we have german spies regularly sending government money to terrorists who use this money for their murders, and we have "agents", being in jail for child abuse.


It is more like the german domestic intelligence service phoned and met with every nazi they could.

And so, many nazis thought: "hey well, they give you money if you are working as an "informant". Money is always good for our activities".

And so the nazis took the german government money with gratitude, reporting some stupid nonsense to their agent leaders, and financed right wing terrorism, leading to many people killed, with money from the government....

But well, the Bundesamt für Verfassungschutz is a german authority and german thoroughness is the culture of all german authorities. That means: If a german authority "infiltrates" a nazi party, then it has to place so many agents there, that the judges noted, the nazi party is no more "remote from the government" since even the leading figures are spies.....

And by the way, in soccer stadiums, among the ordinary fans, the german Bundesamt für Verfassungsschutz, germany's domestig intelligence service, is present as well:

http://www.spiegel.de/sport/fussball/fanforscher-martin-thein-beim-bundesamt-fuer-verfassungsschutz-taetig-a-981894.html

AnonymousBlokeJuly 21, 2014 3:28 PM

@Benni, on Tor and NSA, et al


Well, as stated in the "espionage thread" I was just directing Nick P to, I did do some work as a concerned citizen with hacker civilians in either Russia or China. (A situation arose where I felt compelled by conscience to report a situation with some people I knew. I work usually in security bug finding, so this was serious.)

It is stale enough that I feel okay stating this.

Before and somewhat during that I also worked on anti-authoritarian tools. This is very likely the reason anyone in authoritarian countries ever contacted me at all.

In that situation of making those tools (and in dealing with a guy as an effective source), it becomes very apparent to a person's thinking that their lives can be in danger, and worse: they can end up getting killed or tortured.

I do believe, that said, I can see how and why US intel could have backed such projects. (As far as I know, they did not back mine.)

I was willing to work with them at the time because I felt on this - anyway - they had motives aligned with mine. (I did, however, also work on such tools considering the very real possibility that the democratic nations might go bad, as did many people -- second gen holocaust survivors, second and third gen Soviet satellite survivors are big in those communities. (And such people you can trust as they are true believers in "not forgetting".)

That perhaps unecessary backstory said, I do believe you are correct, they created it to help aid people behind censoring firewalls, and they actually made it durable.

Though, I myself would never advise someone risking their lives by their communication online to use such a tool, primarily because it is so easy to single out. And in the days of the large demand for blacklist rules against Tor, that especially would potentially signal such users as suspects. :/

Instead, KISS, CD OS which is secure, and PGP on desktop - no fancy plugins - via email.

WHERE the webmail is SSL encrypted and has NO "no-ssl" options.

BUT... I do not keep up as rigorously on these matters these days, so I could very well be missing very useful tools and the like, being now in much more mundane "everyday" corporate security...


AnonymousBlokeJuly 21, 2014 3:42 PM

@Benni

Actually, I think they actually touched on that angle which was why I referred to it.... though has been like fifteen years since I have seen it.

"He is appalled and disgusted by what he sees, but he's determined to dig deeper. Yaron discovers that the Nazism runs deeper and is more powerful than he ever could have imagined. "

Where, unfortunately, spoilers would be "more powerful" means government funded.

Based on a true story, if I recall.

... what you are saying is, however, very disturbing....

The most disturbing book - or anything - I have ever experienced on that subject, besides the Stratfor hack and such *(though did not directly experience that, obviously) was:

http://www.amazon.com/The-World-That-Never-Was/dp/0307386759

The World That Never Was, which goes into depth in late 19th century law enforcement and intelligence against the brimming communists & anarchists.


I have little proof a lot of this still goes on, but it surely was one of the first and most used methods by law enforcement and intelligence to deal with "terrorists".


BenniJuly 21, 2014 4:19 PM

Well, regarding to a secure system for people whose life depends on it:

a problem is that you can not thrust ssl very much. I noted above what people are in the committees standardizing all this...

In the ssl draft standard, there are options like this:

http://freshbsd.org/commit/openbsd/ad06f9f6c0dff725c5c8333b00babf12d1784c16

"Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a knob to say "allow this connection to negotiate insecurely"."

And the only thing that you can do to evade this is to check all the sourcecode of the programs that you use by yourself.....

To this it comes that NSA regularly does man in the middle attacks, faking google and yahoo certificates with things that are accepted by most browsers, so they are impersonating regularly google and yahoo servers:

https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html

This problem is based on the general notion that websurfing is always a communication with relative strangers, whose identity, and security certificate you can not easily verify personally, by your own inspection.

So, if your life depends on it, stop websurfing. Only connect to people, or computers, that you personally know.

Regarding to tor:

Edward snowden used tails to contact his journalists. And he still seems to use it for encrypted chat.

The paper that I quoted above says that in order to de-anonymize someone, an agency needs a month of traffic analysis or so....


that means, if your life depends on it, and you are in a relatively free country, you can well use tor if you use it shortly, and from various locations.


Much depends on how strict the government monitors everything.

In north korea, they certainly monitor every computer. Someone who tries to operate a tor server from there is probably executed very fast.

On the other hand, in a relatively free country, like in america, if you start tails and shortly connect from always different locations, e.g your hotel, a wlan hotspot or something, into the tor network.


But you can not evade, with tor allone, the problem that they still could send you a faked ssl certificate that is accepted by firefox, or the modification tor browser bundle. thereby they can record your content, which could reveal your identity.


So if your life depends on it, you have to communicate over tor only with programs that strongly encrypt the communication, and where you can restrict your communication to friends whom you can personally verify their identity. This is why snowden uses encrypted chat over tor to talk to journalists.

If chat is not enough, there is the retroshare application:


http://retroshare.sourceforge.net/

it supports encrypted chat, some kind of email, news groups, forums and voip phone talks. Everything is pgp encrypted with rsa. Retroshare and has this security model:

http://retroshareteam.wordpress.com/2012/12/28/cryptography-and-security-in-retroshare/

The public and private keys are generated from an entropy pool, including a passwort, but also you are asked to move your mouse randomly some time. The private key never leaves your own computer.


So when they de-anonymize tor after a month trying to do their attack, well then they still sit on funny pgp encrypted files...


until now, retroshare did not undergo an independent audit, like truecrypt. Such an audit would be very welcomed by me and many other users...

AnonymousBlokeJuly 21, 2014 4:39 PM

@Benni

Yes, sir, I do understand that. As part of some research at a job, I got one of those wifi pineapples - and experimented with numerous mitm android projects - and saw just how clearly & simply mitm really is.

Besides that I have worked with certs -- as a sec analyst, I routinely rely on having forged certs so my scanners can see the traffic in the plaintext while performing pen tests.

Not so much worried about wired mitm, but I do not worry much about the NSA and such, whom I do believe own those wires and would agree that it is probably very sure that they have the big web companies web certs...

(As I work for an american company, there is little reason for us intel agencies to hack us... as for my own person security, wth, if they really want to try and find video of me taking a shit, then hope they are happy with that! :-) )

If, however, I worked for a foreign firm, I would be **very** concerned that the brunt of the US intel services is engaged *against you* in selective corporate espionage. :P :/

Not much I can say about that, other then, I, personally, completely disagree with such strategies and tactics. The US should be focused on **defensive** counterintelligence with real cases, not this sort of crap.

IMNSHO, economic espionage in democracy vs democracy situations (especially) is patently noxious to the survival of that democracy as a democracy.

:/

NO way anyone can guarantee that manner of corruption can be stopped. I also do believe the inevitability of that is clear to even people with the simplest of minds and range of knowledge.

Mike AmlingJuly 21, 2014 5:23 PM

@carolinian " is there a way to both run a relay node and avoid retribution?"

First off, I agree that blacklisting the relay nodes that are not exit nodes is pointless.

Second, what I find works is to power cycle my modem which gets a fresh IP address from my ISP. I've never seen the fresh IP address blacklisted the same day.

AnonymousBlokeJuly 21, 2014 5:52 PM

@carolinian

I have not read his lil brother books, but his revenge of the nerds was super outrageous good. Have makers but have not quite yet got into it.

BenniJuly 21, 2014 6:55 PM

@Anonymousbloke:

(As I work for an american company, there is little reason for us intel agencies to hack us... as for my own person security, wth, if they really want to try and find video of me taking a shit, then hope they are happy with that! :-) )"

I would not thrust on that.

I can't find it now, but I remember a recent guardian article, saying that the NSA things if you communicate with a foreigner, then you have no right of privacy at all.

So if your company is an international one, and has engineers abroad... Well, and remember what Binney said: Cryptographers are prime targets.

You are selling security software? The NSA certainly has an interest that you do not sell this to, say Iran, or Syria....


In germany, there is very often the problem that arms manufacturers try to sell their military equipment into crisis regions, circumventing the usual german export law that states such exports must be allowed by the government in a decision.

(By the way, on this commission usually sits the minister for development. The last one was a retired paratrooper, who, after allowing dozens of arms exported into poor development countries and crisis regions, got a job at one of the largest weapons exporters after he finished as minister: http://www.spiegel.de/politik/deutschland/dirk-niebel-und-rheinmetall-die-ruestungsdeals-des-ex-ministers-a-978764.html This is "development politics" as the libertarian party that he is in understands it)

Usually, it is said that the BND is a foreign secret service. It is said in the press that the BND usually can not monitor germans...


Well, that is in the press, in the law, here are the exceptions:

http://www.buzer.de/s1.htm?g=G%2B10&a=5

to collect informations whose knowledge is needed to recognize the danger and to react in case of

1) a weaponized attack against germany
2) an international terrorist attack with relation to germany
3) the international distribution of arms, as well as the forbidden deals with wares, computer applications and technologies in case of considerable importance
4) the forbidden deal with drugs in any area of the european union in case of considerable importance in relation with germany
5) the interference in the stability of the currency in europe through counterfeiting money in foreign countries
6) the international money laundering in case of considerable importance
7) the forbidden smuggle of foreign persons in the area of the european union in cases of considerable importance with relation to germany

the BND is allowed to monitor everyone, as it thinks it is necessary. Americans, as well as Germans or Brits.


And note the explicit mention of "computer applications" in 3)....

According to this article of germany's oldest computer magazine

http://www.heise.de/ct/artikel/Umruestung-286746.html

there exists in fact an EG dual use law of the european union. Germany had to adopt this and so, if you want to export a crypto software in germany, you formally would have to go to the same process like in ordinary arms control.

As for export, this is completely unimportant in practice. I even assume that no company that sells security software in germany undergoes this formal process officially. The outcome would be clear anyway. When the minister for development allows large scale arms exports in poor development countries, then they will allow export of security software every time and everywhere and to everybody as well.

But then there comes this BND law that allows surveillance on everybody, including germans in order to collect information on:

"3) the international distribution of arms, as well as the forbidden deals with wares, computer applications and technologies in case of considerable importance"

And BND has xkeyscore access, from which it shares everything with NSA....

Now I am pretty sure that in america, it is the same or likely even worse (namely, in america vendors might additionally be compelled to hand over their keys to NSA or build a backdoor for NSA, before they are allowed to export their software).

But every time, the press says the NSA is not allowed to monitor the american citizen Jon Doe.

I do not know much of american law but well, I almost would bet that there is an exception in the US law, saying that, in order to get information on arms export, NSA can even monitor the american citizen Jon Doe if it deems it necessary.

And then there is perhaps a second law, saying cryptography is arms......


Cryptographers are "prime targets", according to NSA whistleblower Binney.

I bet that they have targeted surveillance on every cryptographer in the US, just to watch over them in order to get information whether they are selling their techniques to Iran, Syria, China, or even North Korea.

And if NSA does not have this domestic surveillance, then they get this data with gratitude from BND or GCHQ. So then it is not the NSA doing the surveillance, but these are just "interesting items" delivered by BND or GCHQ analysts.....

BenniJuly 21, 2014 7:17 PM

the academic cryptographer Quisquater was attacked by a trojan that communicated via encrypted channels over belgacom servers. And these Belgacom servers where known to be hacked by NSA, which is how this attack was revealed....

http://www.pcworld.com/article/2093700/prominent-cryptographer-victim-of-malware-attack-related-to-belgacom-breach.html

"According to Quisquater, his laptop was infected with a malware program that was different than the one used in the Belgacom attack. However, the malware on his PC communicated over an encrypted link with malware on Belgacom’s servers, he said Monday via email."


It therefore seems that NSA mathematicians are so eager to read every development on crypto that they even want to read the unfinished! academic papers of a professor before they get accepted in journals.....

Making a costly targeted surveillance op, just to get a stash of math papers before they were published....

This is what Binney ment when he said at the german parliament "cryptographers are NSA prime targets"

https://netzpolitik.org/2014/live-blog-4-anhoerung-im-nsa-untersuchungsausschuss/


Usually, mathematics is thought by non mathematicians to be a boring an extremely complex subject. And even for me as a mathematical physicist, the idea, that you write beautiful things like this

http://www.iacr.org/cryptodb/archive/2003/EUROCRYPT/2151/2151.pdf "Improved Algorithms for Efficient Arithmetic on Elliptic Curves Using Fast Endomorphisms"

and then thinking that there are people in this world, who find these things so interesting that they even break in your computer just for being able read your unfinished! articles, this seems a bit strange....

But when they do this with people working on elliptic curves, then they certainly do this with people who are practically creating security software as well.

IncredulousJuly 21, 2014 8:02 PM

@ Mike the Goat

Pascal AND REXX? Strange combo. I used REXX on IBM mainframes under TSO. I know I am supposed to like PERL but ultimately I find it intentionally unreadable and obscure. APL for the next generation. I don't need to save keystrokes that much. Or maybe it just doesn't jibe with my internal programming model. PHP isn't that bad if you just avoid the obvious Don'ts.

@ Nick P

Go isn't algol any more than java or php is. Sure there are similar control structures, those shared by most common languages. The page you linked to was written in 2009, so I have to give the author a break, but he does not appear to have done any serious go programming and the code he lists won't compile on current compilers because of the location of line breaks. It is interesting to see that channels existed in algol. But his understanding of dereferencing Go pointers is either obsolete or wrong. He gives OO in go short shrift and he ignores the package system and the extensive library.

I don't think go is a natural for writing OSes, but that is not my area of expertise so I could be wrong. It IS a natural for writing userland system utilities, servers, clients, services, networking, etc.

@name.withheld

SNOBOL was a great language. We used to laugh at LISP: "Lots of Idiotic Single Parentheses!", we chortled. SNOBOL has great pattern matching. Easy user defined types.

Yes, we were wrong. Thousands of cards of SNOBOL spaghetti later. But we had the time of our lives.

I've been lucky enough to have been employed for many years programming prolog dialects. A satisfying language for intelligent applications, but far from the metal.

Nick PJuly 21, 2014 8:50 PM

@ AnonymousBloke, others re Tor Blacklisting

I agree with AnonymousBloke: blacklisting the exit nodes was always in my security recommendations to companies. The companies' goal is to reduce risk in their IT operations. Knocking out something that almost guarantees untraceability makes sense. I went further by writing tools that pulled the IP's off the "proxy list" websites to automatically ban them, too. I also recommended whitelisting with remote travelers using [cryptographic] port knocking to establish new IP's. If a high assurance device does this before packets hit anything else, it stops almost all attacks that strictly come from outside.

"I do believe it is very feasible the government *may* have actually designed it for security they would find difficult to break. "

That is why they designed it far as I know. It was non-NSA groups like Naval Research Laboratory with great track record in secure product development. They did SCR methodology, the Network Pump, separation kernel work, integration of UNIX with high assurance components, and more. NSF and DARPA also fund good security work as well. I often tell people it's easier to understand if you look at the government like it has multiple personality disorder: one set wants backdoors and insecurity for spying; one set wants secure technology for all sorts of uses. Good news is the second group publishes a lot of design details for free. ;)

"So... how did they really design it to be broken, I wonder..."

I'm assuming they *didn't*, as I said above, and they're merely leveraging the omniscience they've been building. They know there's convergence of users on certain relays for performance. They also can see enough of the network to mount attacks nobody else can. They also have good cryptographers, hackers, and so on. So, they're probably just leveraging these to try to break the anonymity of an otherwise good design.

Remember that Tor doesn't exist in a vaccuum: it's an open spec and code that gets more peer review than any other tool in its category. Attacks and improvements are published regularly. That's why I doubt it has any backdoors in its main design. Now, NSA using tactics I described above or submitting code with subtle flaws are more likely attack vectors.

@ AnonymousBloke

"I have finally responded to that thread on espionage, if you want to check it out. Definitely has been enjoyable to me to be able to kick the ball back and forth with you. Very strong intellect, and very strong and wide range of comp sec knowledge, I must say."

I appreciate the compliment. I might or might not respond to the post as I'm mostly done with that tangent. I'll read it for sure, though.

"Instead, KISS, CD OS which is secure, and PGP on desktop - no fancy plugins - via email. WHERE the webmail is SSL encrypted and has NO "no-ssl" options."

Good choices. It will still get hacked by NSA due to ample attack surface left in it. I posted a breakdown of how to handle secure email here a while back. Develop yourself a knockoff of one of these using tiny computers like VIA or Atom systems, with a robust one for guard. Whole thing might cost under $500 and is retargetable for other purposes. You can even do real-time chat with some work so long as you do the guard scheduling right and can take some latency.

@ Benni

"and then thinking that there are people in this world, who find these things so interesting that they even break in your computer just for being able read your unfinished! articles, this seems a bit strange...."

It is odd, isn't it? I think obsession, desparation or some combination is the explanation. They want to know everything in that subject area, beneficial or threatening. They must have it all. They can't be made to wait. They can just hack and steal to get what they want so why not. I'll admit I've considered doing the same thing to get key defensive tech as it's quite a desparate situation and time/money aren't on defenders' side. I decided against it as I think I've already posted enough for people to build an assured system ground up and those papers are legal.

@ name.withheld

I played with PROLOG back in my AI work. It was interesting way of looking at things. Modern work seems to use tools like Isabelle/HOL, instead. PROLOG also doesn't seem so practical for programming. The better model if people want to be closer to math or logic is a functional language like Haskell. It's been used in formal verification and is practical enough that it's seeing industry use from hardware to financial applications.

That said, if you want logic programming have a look at Mercury. It's a modern, high performance logic programming language with static checking and programming in the large support. Allegro Common LISP, the most feature-packed CL, also has a seemless integration of LISP and PROLOG as one of its listed features. I also used to use Visual PROLOG when I had to use PROLOG. One could even make GUI apps in the language!

Datalog probably deserves some mention as the logic languages are most practical when applied to complex data processing. The Wikipedia article is also packed with info. Man, that field has been busier than I thought. Check this one out as it's list of application areas is quite interesting.

@ Incredulous

Perhaps I'll need to leave off that article in future Go discussions. ;) However, I'm keeping it as evidence of my meme that many old technologies had superior design to a large amount of modern offerings. That a 1968 language had most of the good features of Go is quite impressive. Then, we see that the industry went with the languages that didn't. (sighs)

SNOBOL was interesting. I liked some of its choices, such as first class patterns. I never used it, though. I'm glad you brought it up because a glance at its Wikipedia page told me SNOBOL pattern matching has been integrated into Python. It's called SnoPy. Awesome.

"I've been lucky enough to have been employed for many years programming prolog dialects. A satisfying language for intelligent applications, but far from the metal."

That's neat. I rarely hear someone say that! Aside from beginner AI work, my only use for logic programming was to try to shortcut formal verification. The idea was that verifying logic programs with logic would be easier than verifying stateful, imperative programs. So, the system would be modeled in a suitable logic, certain properties described in it, and then refined until it was basically executable via logic programming. Then, only the parser and interpreter needed validation. I aimed to shortcut them by using LISP-like syntax and FLINT certifying ML compiler. If you're wondering "wth?," the purpose was to verify the tools used in software lifecycle so they'd be bulletproof. It wasn't so much for the apps themselves.

I ended up deciding that functional programming was probably better as that field was moving fast on verification, practical features, and performance. The existence of certified ML and LISP runtimes, along with excellent static/dynamic checking advances, meant that software could be "verified enough" without so much effort. And more readable to the new hires, as well. The fast compilers and IDE's could be used for RAD before the finished code is put through the certified tools. So, I've since stuck on that route and haven't done any more with logic programming.

carolinianJuly 21, 2014 9:01 PM

@Amling A fresh IP would certainly work, however this is a set of static IPs.

My concern is that someone else is deciding what is or isn't 'secure' with a very broad brush...blacklisting an IP address because it is participating in enabling freedom of expression is just wrong. I can undertand if a node is an identified Tor exit node, but a relay? Really? In my eyes it's a preemptive strike against free speech.

AnonymousBlokeJuly 21, 2014 9:10 PM

@Benni

These realizations come to you in these areas. No one had to say anything.

Kind of funny how that happens.

Iain MoffatJuly 21, 2014 9:32 PM

On the language topic, the first language I was formally taught at university was PASCAL (on a DECSystem 20) - as an electronic engineer in the '80s most of what I did after that was assembly language for target systems or C and shell scripts or PERL for CAD extensions. As I result I tend to the view that if you can write other languages in a way that looks like good ALGOL/PASCAL and avoid in particular any laziness over cross-type assignments and initialisation of variables, then you will get most of the benefits of a well structured language in terms of safety and readability. I certainly have written non trivial C and PERL applications in that way, which have survived 15 years.

The issue is really self discipline versus compiler enforced discipline. It is of course less productive to write C, Perl or Shell code that defensively than to do things the easiest way the language allows (and self imposed style is not as rigorous as a compiler check).

I think another big part of the problem with C is really the size of the ecosystem that has grown up over the years - the full GCC package is now many tens of megabytes which is a lot to trust and much of the useful functionality in a compiled program is in linked libraries so however careful one is with the main program one has to trust that the stdio and string functions and application-specific libraries like SSL all are done right. I think I would trust a small compiler producing statically linked code much more. This is not least because of past bad experiences with the various versions of MFC42.DLL in the 90s!

I was sad that ADA did not become mainstream - I remember there were relatively small standalone ADA systems in the DOS/Windows 3 era but I think most people use a GNU based GNAT system now ? I am definitely interested in GO and will try it next time I have a project with time to learn. What is the provenance of the SSL library in Go - is it a fresh implementation or a wrapper round one of the *SSL C libraries ?

Iain

FigureitoutJuly 21, 2014 9:33 PM

Thanks for the responses and interest, I'll reply to each after some minor corrections.

/* Corrections & Warnings to my (hurried) SDR post */

--First off the band is from like 0Hz (which no one of course will be on lol) up to 28(M)Hz, 1000kHz = 1MHz lol, d'oh.
--Site requires java to use the waterfall/spectrum display which is the major attaction to SDR in my opinion...So, I'm torn here at my hate for java (I didn't know it was possible for a chunk of software to have so many remotely-exploitable bugs...) but the application is very cool...You can avoid that by downloading some software (another risk...) for an airgapped pc or getting a commericial SDR (or building one if you're badass).

/* Replies */

StarChild RE: law-breaking
--Yeah, this is my beef w/ a "legal" or "political" solution to our security/privacy problems...The laws simply get broken by the enforcers, now they have leftover military equipment that civilians can't fight. I prefer laws of physics being broken over some (crappily thought out, if you read them) human construct; of course the law-breaking could go so far as to physically prevent development...

Also, the "partnership" sometimes is anything but. More like a NSL, which is like a dagger to your neck and duck tape on your mouth. Some of the CEO's couldn't even speak w/ their ATTORNEYS (!) about them; that is police-state behavior. Oh and they also just sniff the traffic w/o their consent like they did to a lot of the big internet companies.

Sancho_P
--Appreciate the sincerity, it's a rare quality these days but a lot of people crave it...Shame on us indeed, there's plenty of blame to go around and failures...

Nick P
--I'm not quite following your point on backdoors. If every product has a remotely exploitable backdoor outside your expertise, that's a frickin' nightmare, you can't do anything but take it.

Yes I see your point. But, you're basically saying to give up b/c otherwise they'll break the law and attack you anyway? That's a police state.

The big problem is so much software is still acquired over the internet, I hate getting my software I need from there. Can't get a disk in the mail, legally it's ok to tamper w/ the mail. Sticking a USB stick w/ unknown life activities in my computer is sketchy too. Maybe the best is to copy/paste a .txt file hosted on a webpage...

Slime Mold with Mustard
--Nice name BTW, made me gag lol. That story was pathetic lol, poor girl didn't suck enough *I mean* make enough contacts w/ "policy makers" lol. Of course they're listening, a while back I linked a pdf (Secret Power), which basically stated how intel agencies have these global outposts w/ big antennas that are strategically placed for radio transmissions. I'm sure that's all digitized now but can you imagine all the bandwidth all over the world that they need to monitor too? It's worse than the internet b/c the data comes nicely packed in cables and all of it split. Radio there's all kinds of crazy physics at play that can affect reception. Also, it goes two ways, mere hobbyists can sniff their signals too.

Shun
--What Iain Moffat said. It's transmit and receive, and since it's digitized, yes you can store it.

AnonymousBlokeJuly 21, 2014 9:51 PM

@Nick P

"It will still get hacked by NSA due to ample attack surface left in it. I posted a breakdown of how to handle secure email here a while back."

Heh, sounds good, though I don't deal in anything the NSA would like to attack.

Unless they are attacking american financial companies... which I do not find very plausible -- even if they have some foreign divisions.

I worked at a security vendor years ago. The NSA actually audited their code as it ran on DoD systems.

Most people I have worked with in these areas of security: bug finding, crypto products, security products assume surveillance. It is just normal considerations of supply and demand. But that kind of surveillance usually isn't going to be the harmful kind, but the 'slurp up everything kind'. To see if they can get data, security bugs, and the like.

When I did work in opensource crypto products they were designed for people behind totalitarian firewalls and such. Our threat model included those countries, though we kept everything unencrypted assuming surveillance and always keeping in mind we had nothing to hide. (I am well aware this strategy can rankle many crypto guys. We were not as dumb as people might think.)

Suspicions aside, in all the years I have worked in comp sec, really have not had any problems.

Of course, maybe or even likely some could be watching, but as they aren't the sort to actually do anything (unless you are doing something bad, I suppose), doesn't really matter much.

Conversely, I was working at one consultancy and my coworker pointed out how another coworker had tails. He commented that coworker would always have tails because of his previous work. Not sure if he was not joking, but who knows.

Nick PJuly 21, 2014 10:19 PM

@ Figureitout

My point on lawful intercept is that implementing such a "backdoor" is the same as implementing a remote administration tool. Many backdoors in my hacking days were called RAT's because they could be used for both. Well, for legal reasons too. ;) If the worry is that anyone might hack a L.I. system, then guess what: anyone might hack a SSH, port knocking, strong firewall, and so on. Yet, most people don't and we continue to use these to great advantage. If we can make RAT tools pretty secure, we surely can make lawful intercept mechanisms pretty secure as *they're the same thing*. The main difference is who accesses the mechanism, how they use it, and how the credentials are stored.

If one can't integrate assured L.I. into a system it says more about the system itself than the concept of L.I. or remote access tools. I'm sure modern L.I.'s would pose a risk because modern systems are quite insecure. Yet, take away L.I.'s and bad guys still have plenty of 0-days to use in secret. It's what we're seeing the NSA do, along with black hats for other purposes. If a backdoor isn't built into most systems, they've hacked their way into an equivalent situation. And unlike an auditable lawful intercept tool, they can do this both stealthily and in a way that hurts security of software in general.

So, I don't think lawful intercept is incompatible with security. If anything, giving TLA's and courts a legitimate access method that can be focused on just the targets with high assurance of operation for all parties involved might be leverage for us. They can legally get the data anyway as it stands and Lavabit case shows that judges current see no alternatives. Knowing that, something like high assurance L.I. might allow precedents to be set in such courts where the agencies get what they *need* (not want) and innocent parties have a certain amount of protection.

@ AnonymousBloke

We know that they collect data automatically on people who communicate with a target and might look at it for anything that they find interesting. Bruce and his blog are under a form of targeted surveillance. A number of commenters are considered worthy of watching and probably are under similar surveillance. Many people read this blog, but few comment which has implications in how content here will be analyzed. That you are here and commenting means you're already being watched to some degree. That you mention NSA, crypto development, and so on probably sets off more selectors. And BULLRUN shows they're acting against companies and researchers, both here and abroad, to get them to backdoor products. That you contributed to things that made their job harder means you're actually in *their* threat profile (or were at some time), per BULLRUN slides.

So, people like you are at more risk of NSA surveillance (or covert action) than the general population. The one thing that reduces your risk is that your posts indicate you're an unlikely threat to them. They'll still watch you anyway because you might be full of crap or have a past/current target in your social circle. You are on their automated systems' radar, though.

Nick PJuly 21, 2014 10:49 PM

Breakthrough silicon scanning discovers backdoor in military chip (2012)

http://www.cl.cam.ac.uk/~sps32/ches2012-backdoor.pdf

"Abstract. This paper is a short summary of the first real world de-
tection of a backdoor in a military grade FPGA. Using an innovative
patented technique we were able to detect and analyse in the first doc-
umented case of its kind, a backdoor inserted into the Actel/Microsemi
ProASIC3 chips for accessing FPGA configuration. The backdoor was
found amongst additional JTAG functionality and exists on the silicon
itself, it was not present in any firmware loaded onto the chip. Using
Pipeline Emission Analysis (PEA), our pioneered technique, we were
able to extract the secret key to activate the backdoor, as well as other
security keys such as the AES and the Passkey. This way an attacker
can extract all the configuration data from the chip, reprogram crypto
and access keys, modify low-level silicon features, access unencrypted
configuration bitstream or permanently damage the device. Clearly this
means the device is wide open to intellectual property (IP) theft, fraud,
re-programming as well as reverse engineering of the design which allows
the introduction of a new backdoor or Trojan. Most concerning, it is
not possible to patch the backdoor in chips already deployed, meaning
those using this family of chips have to accept the fact they can be easily
compromised or will have to be physically replaced after a redesign of
the silicon itself."

Well, that's interesting ain't it?

FigureitoutJuly 21, 2014 10:53 PM

Nick P
--Alright, well I respectfully disagree that I need to give a LI backdoor to any system I make. The way the internet market is right now, it sucks anyway (like 3 companies control all the cables and nodes) and is going to be a pure monopoly that will suck so bad...Why don't they let me do that to them? I just need to check in on them from time-to-time. No, don't agree w/ it and assuming I'm guilty right away. The risk from blackhats already exists and they can get in and out anyway, now I have another risk of abuse of the LI backdoor.

This is why open wifi is probably a good thing so long as fingerprints and metadata are controlled. I'll just move somewhere else to do some things (also taking unnecessary risks due to a backdoor being forced on me) that need to be split up. Then airgap a computer in a shielded room and filter the power ridiculously. But the prospect of all email/web searching being sniffed is just such a horrible one...

I don't get why they think they can succeed in this kind of mission, can't they see that analyzing all this data is still impossible. As in, first they have to trust that their system isn't hacked and deleting/altering records, but lots of little offline data, all the audio/visual, all the other modulated radiation...I don't get it.

FigureitoutJuly 21, 2014 10:56 PM

Nick P RE: military chip backdoor
--Ah, Dr. Skorobogatov's work. Dude's legit and a lot of his work is in areas of security I'm highly interested in. He's not stuck up either and responded to my random email real quick. I told him to post here, so maybe he has or is just reading. If anyone else likes his work, you should let him know.

Nick PJuly 21, 2014 11:06 PM

@ Figureitout

It's fine that you disagree as I figure many will. It's a tangent I must consider nonetheless as our current options are (a) they get what they want or (b) we don't put it on a computer. Even messed up compromises are better than those two options. I'm just exploring every practical tradeoff and option I can see.

re their collection

It makes sense if you view it from their perspective. They're looking at it like data mining. They think they'll be able to focus on risky people once they come up with the right models. Leaks already indicate they're busting crooks for fraud and drug dealing, passing it onto other TLA's for parallel construction. They're doing the collection itself because they already have a budget for that and it's getting cheaper all the time. Both they and industry are improving the data mining methods to apply all that spooky stuff we see in papers to entire countries. Who knows how successful they'll be over time. Just wait till they start applying massive neural nets like Google Brain or Facebooks new face app to data already filtered for relevance/usefulness. Should get interesting.

And there's always the ability to create dirt on people out of thin air. If it's about control and a surveillance state's longevity, it makes even more sense. They wouldn't have to succeed in stopping crime. They'd just have to identify dissenters. It's already DHS policy with their snitching program identifying people critical of U.S. government as potential terrorists. So, that's mass surveillance of citizens' communication (SIGINT) and programs to get citizens to spy on one another (HUMINT). A one-two punch against the republic. It's what I think the *real* purpose of these things is. And to powermongers, that investment would be worth every penny.

FigureitoutJuly 21, 2014 11:50 PM

Nick P
--So from the picture I'm putting together for you, I basically have you had some bad experiences, you were recruited, you then eventually went to do your own thing consulting. What I'm thinking is either you're "one of them" or you've lost hope/got older and allow LI backdoors or, in a twist, you say you agree w/ those backdoors to just reduce risk and further attacks on you. Secure networking is frustrating for me b/c you can't have the system in front of you, you send off a signal and need outside signals (like cameras) sending back data that the endpoint is ok, but still in-between is a risk. Just going for a run in my neighborhood, I saw where they were laying ethernet cables for a neighborhood. One night digging them up wouldn't be hard or just going to the nodes they connect too (one of them was wide open too, busted by a car or something). You can also be a fake inspector too, not a lot of people will question it, even at a stoplight w/ some critical electronics that someone could kill you if they alter the timing on the stoplights or just switch all green lights.

And there's always the ability to create dirt on people out of thin air.
--No, that makes me want to cry. That's not justice, that's f*cking evil. And to fight that I have to do a whole bunch of worthless record-keeping that wastes my f*cking time.

And why do you think I say that political reform is a lost cause? B/c anyone seeking to change this turd of a system will be labeled a terrorist and your efforts subverted. So, I'm rooting for mass failure now, and the hell that'll come w/ it. Then it's just like back in 1776, a bunch of people will die and we'll come together and make a new system. Only to have it rot w/ corruption and have to do this all over again. It's a cycle.

Clive RobinsonJuly 22, 2014 12:13 AM

@ Nick P, Figueritout,

I spend the equivalent of an "extended weekend" dealing with Medical R&R and when I get back the blog has gone boing in all sorts of directions...

Firstly Nick P watchout for that CambLabs paper it's from 2012, the same year as that HTML5 Canvas paper, you might hear some "whine" ;-) More seriously I remember the comments made at the time and they were not friendly to the researchers. I regarded it at the time as "Ostrich Mode in an 455 kicking contest" by the complainers, I wonder what they think since the Ed Snowden Revelations and the TAO catalogue...

I remember at the time thinking "they don't get it" with regards the "agnostic nature" of test harnesses, and how "Good Testability is almost always a Backdoor" unless the design engineers really know what they are doing...

This important lesson applies equally as well to "Lawful Intercept Interfaces", whilst they may well be developed with limitations in usage, the chances are the limitations are at best "skin deep" at the end UI, not at the business end of things where the monitorable surface is likely to be total (think early Web-admin interfaces and root privileges, where you could still use VI etc to get a "root shell").The problem is whilst the LI may be regarded by most as a "read only" or "push" interface, underneath at the business end it won't be it will in all probability have "Universal write privilege" along with the "Universal read privilege"...

FigureitoutJuly 22, 2014 12:31 AM

Clive Robinson
--Anytime you go quiet on the blog, I get this sinking feeling and the need to check some things (that should never be touched), just to be sure (oh gawd, what's he up to now)... :p Besides from a medical issue which you'll surely recover from and be fine.

Clive RobinsonJuly 22, 2014 12:41 AM

@ Nick P, Figureitout,

With regards,

And there's always the ability to create dirt [ie falsify evidence] on people out of thin air. If it's about control and a surveillance state's longevity, it makes even more sense. They wouldn't have to succeed in stopping crime. ... It's what I think the *real* purpose of these things is. And to powermongers, that investment would be worth every penny.

I was wondering if somebody might pick up on this over in the GCHQ Catalogue page, but they didn't. Bruce got close on his comment with regards noticing their use of Tor.

It's reasonable to suppose they use Tor to hide behind when "falsifying evidence" on a victim's computer (a criminal offence GCHQ staff are not exempt from despite Skepticals unreasoned assertion otherwise). It's almost certainly the way they did their "bomb suprise" fairy cake recipy gag they were idioticaly proud of. If they were caught modifing UK based computers then they would be in a whole world of hurt, as judges would find it difficult to argue that their "expert testimony" that has been used in terrorist trials is not infact "planted evidence" and thus rule out all such evidence causing cases to be re-heared, collapse or not happen with the result they go free. The use of Tor by GCHQ is almost certainly being used to hide behind when they use their evidence falsification tools in their catalogue and the many others not listed.

BenniJuly 22, 2014 12:48 AM

@Nick_P
"It is odd, isn't it? I think obsession, desparation or some combination is the explanation."


Well, I think, the german chancellor Kohl once said "Secret services always think they are important but they aren't". Chancellor Schmidt said that he observed, the reports of secret services "are often illegaly obtained by illegal surveillance, and then they are very colored by those who intercepted and analyzed the communication"...


I think this is the problem here. Snowden said that at NSA, there are 18 year old people reading emails.

And well, then it is only a matter of time when someone says: "well, reading email is boring. I want to play world of warcraft". And then he has an Idea....

Soon the famous project is born where NSA agents search for spooks in wow, since "massive multiplayer online role play games are a network rich of targets where terrorists could meet in plain signt"....

These guys are abusing government money for their hobbies....

And if you ask a mathematician who has a phd on, say elliptic curves, what are the most important things for the national security of the united states, he will probably say something like,

"terrorists are not of any interest. What is more important than terrorists is "whether the phi-Joint Sparse Form of any two elements k0 and k1 of Z[phi] exists and is unique"

The NSA is americas largest employer of mathematicians. And if you let such a mathematician head a group of other mathematicians, well, and if there are hackers a few doors away, then the mathematicians soon will request that the hackers deliver them even all information, even all the unfinished works, on the "phi-Joint Sparse Form" in the world.....

This is why the chancellors Kohl and Schmidt completely disregarded the secret services. Because they thought that the results of these agencies are not objective, but entirely depend on the controversial views of the employees at the services. Kohl and Schmidt thought that they could not base their politics on colored reports from somebody else, but that they had to talk to the people on their own in order to get an impression and to figure what is necessary to do.


BenniJuly 22, 2014 1:14 AM

@Nick_P

"Breakthrough silicon scanning discovers backdoor in military chip " That is very interesting.

I hope they find backdoors in other chips as well. This leads to more secure software which can try to circumvent the backdoors, for example by using multiple entropy sources in a prng.

And it is good for the local industry. It would be quite profitable, from an economic point of view, if every country would have its own chipmaker. They should really find a backdoor in an intel processor...

Clive RobinsonJuly 22, 2014 1:46 AM

@ Figureitout,

You occasionally comment I give you cerebral overload with some of my comments to you... at the risk of giving you brain fever I'll share this with you...

As you mentioned SDR one of the problems you may have not thought about is the inherent inefficiency of TX output stages especialy with amplitude sensitive modulation schemes.

Well I'm assuming you know about "Class D" circuits and wide band transformers and some of their advantages?

For instance a wideband transformer can be used to sum two AC currents whilst keeping them DC and galvanicaly issolated from each other. What you might not realise is you can series up the transformer outputs whilst having their inputs effectivly run in parallel, thus being easily able to create +2000V signals for gas lasers and old style transmitter valves/tubes with low cost consumer transformers where custom transformers would be idioticaly expensive.

What you might also know is Class D has an efficiency problem when trying to generate a sinewave output when the output frequency is a sizable fraction of the Class D clocking frequency. Thus in general Class D might cover the audio range but use a 1Mhz switching frequency, this sort of ratio is very problematical when working with RF which is why we use tricks such as Class F.

However back in the early 1980s I worked with a consultant for Weir Power Supplies, and got chatting about what we now call Full Sinewave UPSs. At the time the standard designs were grossly inefficient and he trotted out the usual reasons. I asked him why nobody had done it differently... Well the usual "custom and practice" was trotted out and I asked why not a Class D driver into a transformer that was the lowpass element. Well the answer was it's a nice idea but the component cost would be high due to the clocking speed to get the same cleanliness as the inefficient methods...

I went away and thought about it and came up with a Walsh Transform solution where three Walsh sequences were added in the transformer using four windings. I built a "thumb your nose at the expert prototype" to prove it worked and showed it to him, he was impressed but still came up with NIH style problems.

Any way I had proved my point and then forgot about it for a few years and others got patents etc...

Well some years later I was tasked with designing a battery operated AM LF beacon where efficiency was a requirment. I remembered the Walsh design and modified it accordingly. One advantage of a proper Walsh setup, is the first harmonic output of the fundemental is at 16f not 3f of a squarewave and is at a very low value. So unlike a Class F system it had very simple and easy filtering requirments.

I later used this to advantage in an AM Broadcast band (0.5-2.0MHz) design that required no "field instalation" filter setup. The design used three of these Walsh generators that were turned on and off by the digital audio input upper two significant envelop bits and a polyphase system to generate the lower power parts of the envelope which gives a very efficient system overall. The output of these four generators is transformer added to give the final RF antenna output.

Clive RobinsonJuly 22, 2014 2:23 AM

@ Benni,

With regards "on chip rngs" I've more or less come to the conclusion that they are only "TRNGs under ideal conditions" that don't happen in the real world without prohibitively expensive precautions, that are not going to happen in COTS products ever.

I suspect Nick P might take issue with this to a certain extent but that's OK ;-) because it depends on practical rather than theoretical margins of security.

To see why think not about solving the problems but mitigation in some other way...

For example let's assume become a person of interest, to the point the security forces start illuminating your home with high energy radio frequency (HERF) signals to in effect "injection lock" the on chip RNG in your PC. Providing you don't use any of the RNG output whilst your system is illuminated then this attack is effectively usless for the attackers.

Thus using pre-generated or "canned" entropy would mitigate such an attack. Back in the 90s it was thinking along these lines that gave rise to the ideas of CS-PRNGs.

Thus the cost of "mitigation in time" of canned entropy is a minute fraction of the cost of digging a hole in the ground to build a secure cell (SCIF) in.

And I would urge people to think along these "low cost mitigation" lines all the time.

Thus I would look not to an "on chip RNG solution" but a good CS-PRNG and using dice etc to generate the initial keys and seed for it.

One such solution could be a BBS generator that drives a couple of crypto algorithms, such as AES in counter mode the output of which then gets encrypted with another "orthaganal" block cipher such as one of the other AES finalists with a higher security margin. Such CS-PRNGs will generate as many "random numbers" as most people are ever likely to need. And if your needs are higher then the cost of a Quantum TRNG is not likely to dent your budget much; ;-)

Mike the goat (horn equipped)July 22, 2014 3:57 AM

Figureitout: I can see where Nick is coming from. If given the option between clandestine backdoors and a documented one with access protected by key escrow controlled by legislature then I guess the latter is preferable. Of course actually designing a secure machine would be far preferable to either scenario.

Reading between the lines I assume that Nick has previously (or is) worked on govt projects perhaps even those used by a TLA. That said I don't believe his responses are misleading or otherwise dishonest.

AnonymousBlokeJuly 22, 2014 7:25 AM

@Nick P

"So, people like you are at more risk of NSA surveillance (or covert action) than the general population. The one thing that reduces your risk is that your posts indicate you're an unlikely threat to them. They'll still watch you anyway because you might be full of crap or have a past/current target in your social circle. You are on their automated systems' radar, though."


As I was saying to Benni... **everyone** who works in these areas are extremely familiar with these issues.

I would be very surprised if both of you do not work in these industries, so I am sure you are very familiar with just how well known this is.

I have worked in these industries for well over fifteen years. Everyone I worked with in sec research or crypto-privacy were well familiar with these concepts, these threats and risks.

And, I have seen different people take these things in different ways. Some are obviously and constantly super paranoid. Some are aware of these factors, but are not. In not a few cases, you don't just have to worry about one nation or one organization, either.

Weird thing is: they can sometimes really make you think they are doing something very wrong. Like "why are you so paranoid, what kind of secrets are you hiding". Some of my friends, if not many, I may never know. Even if I worked with them day in and day out.

When I say I don't do anything wrong, I am just pointing that out. Whatever file I have, I am sure most of it was written years ago.

PetroniusJuly 22, 2014 7:49 AM

RE: figureitout part 2 & nick p

the military already uses SDR to securely send files to field operatives in an encrypted form, albeit they tend to use satellite constellations for this and as a result have a bit more reach and throughput than what you are discussing. just study the AFSCN for more...

SkepticalJuly 22, 2014 8:38 AM

@Clive: It's reasonable to suppose they use Tor to hide behind when "falsifying evidence" on a victim's computer (a criminal offence GCHQ staff are not exempt from despite Skepticals unreasoned assertion otherwise).

"Falsifying evidence" for use in a criminal prosecution? Yes, that would be illegal. If you think I've maintained otherwise, then there was at least one error in communication.

As far as I can tell, there is no evidence that the tools we were discussing had been used to do so, however.

Inferring that they are is like stumbling upon an intelligence service's forgery capabilities and concluding that they must be guilty of passing forged cheques.

Nick PJuly 22, 2014 9:07 AM

@ Figureitout

"I basically have you had some bad experiences, you were recruited, you then eventually went to do your own thing consulting. What I'm thinking is either you're "one of them" or you've lost hope/got older and allow LI backdoors or, in a twist, you say you agree w/ those backdoors to just reduce risk and further attacks on you. "

Lol. No. Only the consulting part is accurate. I've also turned down a lot of money and jobs to (a) avoid aiding evil and (b) focus on high security, backdoor free design of the whole stack. So much lost revenue that I keep a boring steady job outside INFOSEC to pay bills. My previous posts here over the years were about systems that could be trustworthy even with malicious developers on the team and TLA's on the attack. Numerous designs even exploited jurisdiction and citizenship to cause TLA's problems. I'm also known to reconsider my views on occasion and explore new avenues of getting things done. My posts, past to present, are consistent with this.

First time considering lawful intercept was in Lavabit case when judge was considering turning down FBI's device if Levison had a working alternative. I was shocked as I've never seen it happen and it would limit FBI. Seeing as the Constitution itself grants them warranted search, I realized Feds and courts wouldn't tolerate unsearchable computers. Whole services were shutting down or silently being backdoored. And so I started a tangent exploring how to make a secure, auditable backdoor. I noticed it was the same as all the others I built for remote management. A feature user's often ask for although they're worried about "backdoors." ;)

re Dr. Skorobogatov

Sounds good. I hate stuck-up people myself. Friendly, smart researchers are probably better for our field as people might pay more attention to them. Not to mention they're more pleasant to work with.

@ Clive Robinson

"The problem is whilst the LI may be regarded by most as a "read only" or "push" interface, underneath at the business end it won't be it will in all probability have "Universal write privilege" along with the "Universal read privilege"..."

It can be limited all the way to the bottom. The main problem I see is the endpoints are insecure or complex enough, as you pointed out, that there might be endruns around the security. So, my plan would call for continuing clean-slate security efforts and put this in as a feature. That way the L.I. system could be restricted a great degree. I also think one could use a programming or scripting language for L.I. plugins that ensured certain information policies were followed: read-only for this account; read-write for a set of accounts; write only on this port. An interpreter, written in a safe language on the safe platform, would process the L.I. commands while checking them (before or during execution) against the security policy.

The other way is to use a regular platform, but a secure coprocessor for L.I. The L.I. system is restricted similar to above. It talks to main system through controlled interface. So, it might have universal read and write at lowest levels, yet system and software security measures transform that into POLA per application. The main system (or I/O connection) might also limit the coprocessor to just the areas storing data. It couldn't access internal OS stuff or the code of the platform. Well, we might give it read access so they can do a check to ensure the system hasn't been covertly modified, but universal read is removed before the L.I. app runs. Might even build it into a network coprocessor like I've had in other designs.

So, while not easy, it seems we can at the minimum let these things collect data without subverting our system and with certain limits placed on them. Limiting accounts should be quite easy. More complex functionality takes more complex type systems, policies, etc. Yet, it can be implemented on the same secure hardware/software systems that *already exist* in prototype or limited production.

"I was wondering if somebody might pick up on this over in the GCHQ Catalogue page, but they didn't. "

You must've missed my comment listing each tool that could be used specifically against democracies. :P

@ Benni

Finding backdoors is good for our security, but chip making isn't profitable. There's a reason companies are selling them off all the time. It highly competitive and capital intensive, with each advance doubling the fab cost. Even an older fab takes tens of millions to keep running with fewer sales (due to obsolete tech) every year. My conversations with RobertT indicate that the sweet spot is the companies making masks that convert a design document into what turns silicon into chips. Those companies manage the riskiest part, might be easier to secure, and might be easier to subsidize.

There's still the risk of I.P. having hidden functionality engineers aren't smart enough to find because they lack the skills and nobody is teaching them outside the top companies. I've always said a Manhattan Project for secure computing is in order. It's more clear than ever that solving each aspect would cost billions in labor and materials. Only large governments or the wealthiest private parties could even consider it. That's how bad things are for defenders.

@ AnonymousBloke

"I have worked in these industries for well over fifteen years. Everyone I worked with in sec research or crypto-privacy were well familiar with these concepts, these threats and risks.

And, I have seen different people take these things in different ways. Some are obviously and constantly super paranoid. Some are aware of these factors, but are not. In not a few cases, you don't just have to worry about one nation or one organization, either."

Sounds reasonable. I try not to be paranoid: I just *know* the devices are insecure, that anything I put in them might be intercepted, and simply don't worry. I just keep working on better things instead.

James GarnerJuly 22, 2014 10:14 AM

"We're happy to see that TAILS 1.1 is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective."

via @ExodusIntel: https://twitter.com/ExodusIntel

#$%#

"Exploit Dealer: Snowden's Favourite OS Tails Has Zero-Day Vulnerabilities Lurking Inside"

Thomas Brewster | Security | 7/21/2014 @ 2:14PM

http://www.forbes.com/sites/thomasbrewster/2014/07/21/exploit-dealer-snowdens-favourite-os-tails-has-zero-day-vulnerabilities-lurking-inside/

#$%#

"The flaws work on the latest version of Tails and allow for the ability to exploit a targeted user, both for de-anonymisation and remote code execution," said Loc Nguyen a researcher at Exodus. Remote code execution means a hacker can do almost anything they want to the victim’s system, such as installing malware or siphoning off files.

"Considering that the purpose of Tails is to provide a secure non-attributable platform for communications, users are verifiably at-risk due to these flaws. For the Tails platform, privacy is contingent on maintaining anonymity and ensuring their actions and communications are not attributable. Thus, any violation of those foundational pillars should be considering highly critical," added Nguyen. This affects every user of Tails, who should all "diversify security platforms so as not to put all your eggs in one basket", he added.

All users, including Snowden, should be wary of using Tails with a false sense of security, though it’s still more likely to protect anonymity than Windows."

AnonymousBlokeJuly 22, 2014 10:59 AM

@Stacy

Project Mincemeat by that author was excellent, will have to pick up this book. Have not seen these details before.


@Nick P
"And, I have seen different people take these things in different ways. Some are obviously and constantly super paranoid. Some are aware of these factors, but are not. In not a few cases, you don't just have to worry about one nation or one organization, either."

Sounds reasonable. I try not to be paranoid: I just *know* the devices are insecure, that anything I put in them might be intercepted, and simply don't worry. I just keep working on better things instead."

Pretty much, we all do. Know they are insecure.

I mean, "not everyone", but if you are in the comp sec industry, these days (not so much pre-2005), you get a lot of divergent news stories about some of the crazy bugs found. You also hear some of the crazy stories about APT attacks.

And you can make some kind of estimate about how much is not reported.

But, it is also important to keep a straight head about things and try and accurately quantify risk as well as possible.

I really find it implausible that anyone would see you as a threat or dangerous. You have some outspoken thoughts, but I do not even think your criticisms are out of line.

Same sort of stuff I have heard from all sorts.

I can see how you might have some inner concern. That maybe someone would misconstrue something you have said.

But, in actual practice, that sort of thing blows over.

The "Burn Before Reading" sort of mixup scenario. Good example: a sec engineer at sandia labs caught chinese hackers on his network. He contacted authorities and proceeded to hack them back. Well, while they were working with him, they also investigated him. And he got fired. (End of the story is good, however, became a big Rolling Stone story and the guy sued and got a million plus settlement. Still it would have been a pain to be so accused.)

I think those kinds of "what they said is misunderstood" situations, however, is actually very rare.

I do not think anyone would be "out to get" you (or me or most people on this forum), and definitely not waste precious "covert action" plans and expenses.

Scarf up all the data for a "who knows when analysis", sure.

Use it against you for extortion, very unlikely.

As you take surveillance seriously, you probably say the same views in private you say here. Maybe tempered somewhat just a little. Nothing radical or obnoxious there.


daveJuly 22, 2014 2:38 PM

Talk on cracking Internet anonymity service Tor withdrawn from conference

By Joseph Menn | SAN FRANCISCO, July 21

"A heavily anticipated talk on how to identify users of the Tor Internet privacy service has been withdrawn from the upcoming Black Hat security conference.

A Black Hat spokeswoman told Reuters that the talk had been canceled at the request of lawyers for Carnegie-Mellon University, where the speakers work as researchers. A CMU spokesman had no immediate comment."

http://www.reuters.com/article/2014/07/21/cybercrime-conference-talk-idUSL2N0PW14320140721

Gerard van VoorenJuly 22, 2014 3:40 PM

@Iain Moffat

"I was sad that ADA did not become mainstream - I remember there were relatively small standalone ADA systems in the DOS/Windows 3 era but I think most people use a GNU based GNAT system now ? I am definitely interested in GO and will try it next time I have a project with time to learn. What is the provenance of the SSL library in Go - is it a fresh implementation or a wrapper round one of the *SSL C libraries ?"

The descriptive title of the Go tls[1] package is "Package tls partially implements TLS 1.2, as specified in RFC 5246." and it is created and maintained by Adam Langley, a Google crypto expert who is now also working on BoringSSL[2]. AFAIK it is created from scratch and minimalistic.

[1] http://golang.org/pkg/crypto/tls/
[2] http://arstechnica.com/security/2014/06/google-unveils-independent-fork-of-openssl-called-boringssl/

Nick PJuly 22, 2014 9:24 PM

@ Gerard

I skimmed through some of the Go documentation. Interesting language design. One thing that caught my eye is that it's "gobs" implementation (think simpler Protocol Buffers) that serializes data structures uses unsafe methods for speed. The documentation says it uses unsafe methods for that I/O for default, but safe methods can be enabled albeit with performance loss. Makes me wonder where else they made that tradeoff. And does the TLS include anything like that?

Nick PJuly 22, 2014 9:40 PM

@ Iain

The discipline method is the same way I did it. In a way, it's similar to the safe subset and coding style enforcement trends we see today. It was just more manual. I simplified it by making a C++ compatible BASIC dialect that enforced structured programming style with inherent safety. I don't have that anymore so it would be manual methods.

Regarding large body of code, there's essentially three ways to handle that:

1. Modify hardware to make that code inherently safer.

2. Apply automated transformations via compilers or binary rewriting that turn it into safe code.

3. Isolate it via hardware or software mechanisms behind controlled interfaces to contain any damage, then check anything it produces.

There's been a lot of work in each area. Number 2 usually results in horrendous performance, but works on legacy hardware with little to no software modifications. Number 3 takes a significant performance hit while allowing incremental modifications of software and use of legacy hardware. Number 1 has most potential for security without code modification and with a performance hit ranging from unnoticeable to massive depending on security approach used. CHERI is probably in the lead here as they've already put FreeBSD on their capability processor with minimal modifications. Instruction set randomization is a nice shortcut, too, as it turns most injections into mere crashes with hardly a performance or chip space hit.

Gerard van VoorenJuly 23, 2014 3:15 AM

@ Nick P

About unsafe methods in Go, I think that is something you have to ask at golang-nuts. In general Go is a quite safe language. However data races may occur in goroutines (there is a tool to inspect that) and it includes "unsafe". So it isn't preventing unsafe behavior nor doesn't it allow you not to behave in an unsafe way. That said, they usually prefer the correct approach instead of the quick and dirty approach. And that is because these guys themselves know what can happen when you take shortcuts.

One thing that Go AFAIK doesn't solve is formal verification. The problem here is the GC and probably the goroutines. The language itself generates GC (maps, goroutines, appends) and that doesn't work well with formal verification where you don't want any memory allocation at all.

For the tls package, I think the Go version is a massive improvement over OpenSSL and the likes. Go is just better than C. But for critical computer components such as tls, I would still like to see an Ada/Spark implementation too.

In short, I think Go is good for almost all the common things like a real workhorse, but it is no magic bullet. There are areas where I prefer Ada/Spark.

Clive RobinsonJuly 23, 2014 3:30 AM

@ Nick P, and others on languages,

I take an ambivalent atitude to languages and their perceived security, for various reasons.

Firstly no matter how secure your language is it's foundations are an insecure set of machine instructions, and all of the security features it offers were hewn into shape by insecure tools.

As such the security features are "guards" on "power tools", they try to make operating the power tool "safer" to reduce "accidents". The problem is "guards" get in the way, they are expensive and reduce the working capability of expert users. That is there is a trade off between "utility and ability".

In general an operators ability is also related to their utility as seen by an employer, that is a well "trained" operator needs fewer guards and can do far more with the power tool and requires less supervision than a minimally trained operator. Thus an operators utility is based on the level of training and experience they have, as that process is expensive experts tend to be scarce and thus disproportionately expensive from an employers point of view.

From an employers point of view they have a choice power tools with more guards and other features are more expensive and have less utility, but the operators to use them are very much cheaper and more expendable than operators who have the training and experiance to use unguarded tools.

Thus you see factory lines with low skilled staff just acting as an extension of the machine, thus slaves to it rather than masters of it.

It's this sort of staff most employers want, cheap expendable and fully replaceable with any one of a hundred unseen faces in a crowd.

Thus managment shape the industry they want, not that the customer or worker wants. Managment want "blue collar" not "white collar" staff and they will take the path that gives it to them, when it's available and we already see this happening.

The problem is this managment desire gives rise to mono cultures and lack of hybrid vigor which we also see, as well as customer choice (the old "any colour you want as long as its black"). It also puts way to much power in the hands of the managers, to the detriment of everybody else (see the defence industry as an example). But worse still it reduces professionalism in the work force which causes other much longer term issues such as poor education and training, which in turn deskills the populous and criticaly reduces the skills base and thus in turn the economy, which in turn leaves a country more vulnerable to foreign competition...

One of the less frequently mentioned aspects of "Open Source" v "Closed Source" cultures is what it does for the professionalism of those involved...

Gerard van VoorenJuly 23, 2014 3:53 AM

@ Clive Robinson

"As such the security features are "guards" on "power tools", they try to make operating the power tool "safer" to reduce "accidents". The problem is "guards" get in the way, they are expensive and reduce the working capability of expert users. That is there is a trade off between "utility and ability"."

After reading lost of spy fiction, there is one line that keeps coming back: "There are old spies and reckless spies but no old reckless spies"

What I mean is that even experts need to know that they too are no superhumans. We all make mistakes and if the language can help preventing them that is a true benefit. That said, if the language has speedbumps on the highway, there is something wrong with the language.

Clive RobinsonJuly 23, 2014 5:52 AM

@ Gerard van Vooran,

With regards "no old and bold spies", old spies learn not just how to follow the rules, but more importantly when not to usually by the experiance of when things have gone wrong that gives them that "sixth sense" of "thinking hinky".

One of the things about "playing with sharp edge tools" is you fairly quickly learn if you have a lack of skills, and need to rethink the way you do things. Thus chopping the corner off the end of your finger with a penknife gives you a chance to learn, where as a chainsaw right through your guts tends to kill you... For some reason we forget we learned to walk by falling over at a time of life when the bump usually means minor pain not a broken wrist or worse.

However if the tool "protects you from cuts" you don't find the limits to your skills and where you have to learn to improve them, thus your ambitions mean you use bigger tools more recklessly and you do much much more damage when your lack of skill catches up...

You see this with cars, the more safety features they have, the more poor drivers will drive beyond their limits, and as a consiquence the more damage they do, usually at someone elses expense (you get hit by a car doing 30mph and you have a 1:10 chance of being killed, at 40mph however you only have a 1:10 chance of staying alive).

The sooner people learn their limits, the sooner they can improve or take up some other occupation, to theirs and many others benifit.

Thus a language with lots of safety features encorages the Dunning-Kruger effect where the worst of programers will believe they "are the best" because they have never felt the pain of their failings, thus have no sixth sense for thinking hinky. Thus the very real probability that their inabilities cause harm to many others. The safer the language the more likely the resultant failings will cause pain at a national or global level.... We used to joke about MS being the defining example of malware, but they felt the pain and learned a lesson from it.

Nick PJuly 23, 2014 10:21 AM

@ Clive Robinson

"Thus a language with lots of safety features encorages the Dunning-Kruger effect where the worst of programers will believe they "are the best" because they have never felt the pain of their failings, thus have no sixth sense for thinking hinky. Thus the very real probability that their inabilities cause harm to many others. The safer the language the more likely the resultant failings will cause pain at a national or global level.... We used to joke about MS being the defining example of malware, but they felt the pain and learned a lesson from it."

I disagree. The unsafe features we're removing here are intrinsic properties of the underlying machine architecture that auto-fail apps without warning. They shouldn't exist at all. They're just a holdover from legacy machine architecture. We've also found certain issues, such as memory management, can also be automated away at a reasonable cost. If one doesn't need to worry about it, they shouldn't worry about it. So, if anything, these safety features improve the programming experience by letting the programmer focus on the application logic rather than micro-managing the machine. And they will still have *plenty* of problems left to challenge and improve their skills.

Now, this applies to application development that almost all professional programmers do. The group your effect could kick in on are those doing low-level programming or disabling safety features for performance. The solution here is to just have several tiers of use of the tool with training and examples for each. The person learning about manual memory management will learn of all the types of problems that can occur, best practices for preventing some, and how to find others. Those doing unsafe arithmetic and jumps will learn how these can doom their code, along with what it takes to handle that. And so on.

You could say I'm arguing for a separate training for Safe and Unsafe uses of the language. The language should also make it easy to switch between the two. Ada, Modula-2 and Pascal all meet this requirement. The Ada programmers tend to do fine in both areas despite your prediction. The Delphi (Pascal) programmers wrote much more reliable, still fast Win32 applications despite plenty of unsafety mixed into that. After being used in an OS, Modula-2 was used successfully by professional programmers who wrote safe and unsafe code. So, we have precedents for this sort of thing and a good language design makes it easier to pull off.

I couldn't imagine the C# and Java crowds pulling the same thing off, for instance.

Nick PJuly 23, 2014 10:33 AM

@ Gerard, Clive

It's funny that I made the above comment about Java developers then stumbled upon this blog post in my email:

http://nsainsbury.svbtle.com/java-developers

He illustrates their problem quite well. I've tried repeatedly to get past these obstacles but it was too much a mental drain. It's why I push structured programming with OOP merely for encapsulation of state. Why replace a few chapters of readable, effective code with 60+ of over-architected BS? (shrugs)

Nick PJuly 23, 2014 11:42 AM

@ Buck

LOL. That was great. Thanks for the link (and warning). Good to know there's still people out there producing hammers. Their work isn't on major news sites every day. Yet, their hammers exist, work, and improve every year.

BJPJuly 23, 2014 12:05 PM

@Nick P
Thanks for that link. As an old C/Perl/R/*sh coder, that article and the hammer factory factory Buck mentioned so nicely sum up my slackjawed wonderment at the mess of abstraction inside this Java code I nudge into shape for work every now and then.

AnuraJuly 23, 2014 12:12 PM

@Buck

Reminds me of a .Net developer I worked with at a webhosting/SaaS company. We wanted a tool that could configure websites that could handle tasks in parallel (our old solution was VBScript, but it ran in a single thread). It was a pretty simple idea; I could have knocked something out in a week. But the developer working on it decided they wanted to build a framework for all of our needs. A year later, we had a working tool; no one but him knew what was going on due to the sheer complexity of it, and it was buggy and unwieldy, and we never used it for anything else.

AnuraJuly 23, 2014 12:18 PM

That said, I do like some level of abstraction because it can make usnit testing easier by allowing you to create mock objects; my general rule is that any more abstraction than is necessary to accomplish your task or allow unit testing is probably excessive.

Clive RobinsonJuly 23, 2014 3:32 PM

@ Buck, Nick P and others,

With regards building better hammer factories...

This is not the first time somebody has "railed against the objects".

Many many moons ago a similar story did the rounds.

Short for of the story is,

A King needs a new toaster for making breakfast,
He calls on a Computer Scientist and an electrical engineer,
The King explains his problem and asks for suggestions and a time scale,
The CompSci leaps into pre requirments analysis mode about how it's not realy a toaster the King wants but a device that also makes waffles pop tarts etc etc and starts talking to himself about universal grain product thermal colourant enhancment....,
The King looks over to the Electrical Engineer who says he'll use a small micro controler and 4bit IR sensor to stop the toaster when the toast is the correct shade, and it will take a couple of weaks.
The King looks over at the CompSci who is now busy talking about grinding grains and milling,
The King nods at two guards who drag the babaling CompSci out of the room and throw him in the moat.

I have a printed out version of it somewhere I could type in if people can't find the original out on the NET somewhere.

WaelJuly 24, 2014 2:17 AM

@Clive Robinson,

Firstly no matter how secure your language is it's foundations are an insecure set of machine instructions, and all of the security features it offers were hewn into shape by insecure tools.
I tend to subscribe to this line of reasoning. This could be a long discussion as well. I'll just touch on the highlighted aspect; "the insecure instruction set". I take it that this "insecure" characteristic of the primordial instruction set is something that cannot be changed. An analogy could be a castle or a prison :) that we try to build with certain "security" features. these buildings are built with bricks and other materials (analogous to the instruction sets). The castle or prison could be secure if they meet the "security" requirements, but can we ascribe "security" to the brick or the mortar that are used to build them? The question is: What would a "secure instruction set" look like? What characteristic would the instruction set need to have to qualify as "secure"?

Instruction sets manipulate bits, write to registers and memory locations, assert gpio lines or read them, etc... would a "inc eax" be more secure than a "xor r1, r2" for example? I think that sounds a bit ridiculous...

Clive RobinsonJuly 24, 2014 2:44 AM

@ Mike the Goat,

WSJ data for 1 BTC.... how the mighty are fallen.

Some types of Paywalls, are a curse on humanity and a clear demonstration of the "Brain damaged" thinking of certain newspaper proprietors, editors etc. Rupert "the bear" Murdoch being a prime example, where they expect you to pay for little more than re-boiled gossip, with at best shoddy journalism. Then to add insult to injury they sell on your details as well, or spend so little on security others do it for them.

But worse still most online offerings are much less than the paper equivalent and often stuffed with "copy-n-paste" stories either stolen from other sites or copied off of marketing blurb.

But a little "google foo" can usually find you sufficient details to build the story yourself, with a lot more details, you can independently evaluate, thus not suffer the Editor or Proprietor bias and political spin. Thus it's best to "Follow the Source Luke...".

WaelJuly 24, 2014 4:26 AM

@Clive Robinson,

I think that sounds a bit ridiculous...
Just so it's not misunderstood, this applies only to the question: "would a "inc eax" be more secure than a "xor r1, r2" for example?" -- not to your comment.

Clive RobinsonJuly 24, 2014 4:52 AM

@ Wael,

Machine code instructions work at a number of levels depending on the type of CPU and various design decisions taken. But ultimately they reduce down to register to register movment and simple logic and arithmetical functions at the gate level.

At this low level "security" has no more meaning than it does to a nut and bolt, all that can be measured is it opperates "correctly". Security comes about in how we use these base level components in systems and the consiquences of their misuse or failure. Likewise the systems built of these base level components may not be in any way secure, but can become parts of other systems designed overall to be secure.

It is important to remember that security is a human notion applied from above and this becomes a set of rules. This is because the logic has no ability to know what data is secure and which is not, it has to be told via some method be it locational or tagging that can be evaluated by rules. Thus if the program layers above incorectly assign location or tagging to data there is nothing the rules will do as they are not being violated.

The problem is most of these base level parts are designed to be maximumly usefull, that is both the bolt and nut are designed to be turned easily usually via a hexagonal head etc. Which means they are often not easily made secure or the number of possible use vector interactions is beyond reasonable security analysis (hence the thriving market in pseudo secure fixings that are mainly reliant on obscurity).

Thus the security process is to "knock the edges off" in some way and constrain the usage vector interactions to only those that are considered secure by some process or measure (ie the rules and their derivation).

And this is where it starts to go wrong, the processes and measures are creations of a limited outlook that often cannot appreciate let alone see all the usage vector interactions of the system. That is the complexity of the system gives rise to an attack surface with unseen flaws to the designers.

The ability for designers to see flaws is dependent on training and experience, and as the old saw puts it a ton of book learning can be balanced by an ounce of experience. Experience is usually hard won and cannot be easily found let alone purchased, it's that part of Sun Tuz's "Know thy enemy" that we call "getting inside their heads".

Whilst Newton pointed out it was possible to "stand on the shoulders of giants" most people take the wrong message away from it. Thus too many designers "assume" the foundations they are building on are solid and they either don't check them or don't know how to check them properly. In most use cases this is not important because the enemy they face is unthinking, unknowing, unmotivated and incapable of anything other than random selection. Not so with security where the enemy is usually the exact opposite, they think, they know, they are highly motivated, and their selection of attack points is honned finer than the sharpest scalpel.

To deal with such an enemy you need to be their equal or match in some way, hence the need to know them as though being them or even having been them hence the old adage about poachers and gamekeepers.

As Bruce and others have pointed out to stand a chance of being a good cryptographer you first need to be a cryptoanalyst and learn how the systems are broken.

Attacking security is like scaling mountains you don't just do it you learn to walk, then climb on progressivly more difficult slopes, then overhangs, you learn to deal with weather and the effects of altitude, and design equipment and tools to help you.

Many designers of current "in use" computer security systems are the equivalent of couch potatoes who think that buying the latest fitness equipment will somehow make them instantly fit. Whilst such equipment might get the best out of a work out, you still have to put in the time and effort to be fit. Thus whilst they might dress fit, a simple run around the block will shatter the illusion, which is just one reason why "adopt best practice solutions" thinking is a failure, likewise the "buy it in" mentality of managers that arises from "check box" auditing, that in turn arises from poor legislation or business agrements.

Similar applies to various safe languages, they only help you to be safe in certain ways and they don't encorage you to question if they are actualy working as you think. Like Swans they may be elegant and graceful above the waterline where you see them but you realy should know what occurs beneath the waterline to know the beast. Thus if an attacker knows how to get underneath and play with the safe process some way, your Titanic code though graceful and elegant will slip beneath the waves.

Security like safety is a state of mind, you don't get except through both study and experience as well as continual vigilance and the humility to know there will always be lessons to be learned and battles to be fought in what is an eternal war.

Which is why few achive the desired mindset, the problem is how to make the best of those that do, and further how to encorage more to reach it. I think that on the evidence to date we are not doing well in either asspect [1].

I have talked in the past about how to do this as part of C-v-P, where we move the bulk of everyday coding into higher level languages that are in effect like interpreted scripts that call small executable elements. It is these elements that are written by those with the security mentality as part of a larger security framework involving high end security hypervisors.

[1] Arguably we are increasing the number of people that do have the security and safety mindsets, but we are also increasing the number of code cutters etc far faster. Thus as a percentage of the whole, the number is still depreciating, and I suspect will continue to do so for some time into the future.

CallMeLateForSupperJuly 24, 2014 6:47 AM

@Moderator @Bruce

This blog's Search feature coughs and quits if Javascript is not enabled. Decidedly unfriendly. Even elgooG does not require Javascript.

WaelJuly 24, 2014 6:51 AM

@Clive Robinson,

Machine code instructions work...
Many valid and insightful thoughts. Whatever is left of the brain is finally (thankfully) getting foggy at this early hour of the morning, so I'll defer my comments for sometime. I mainly agree with the bulk majority of your analysis, but some of your comments need to be discussed in more detail :)

BenniJuly 24, 2014 10:26 AM

It turns out this is what the BND wants 300 mio euros for;

http://www.sueddeutsche.de/digital/internet-ueberwachung-bnd-will-gigantische-datenmengen-speichern-1.2059582

In order to real time monitor the internet, BND came to the conclusion that databases with harddrives are too slow.

SAP has a software for handling of large databases in RAM. BND says that prizes of RAM would have fallen down so much that it would be possible, to create a fast flowing ram buffer where they temporarily store the internet in real time,analyze it,pic out the interestinf items, and then new incoming internet data replaces the old data in ram, and the analysts begin again....

Nick PJuly 24, 2014 12:05 PM

@ Wael

Clive and I have the same view on what security is far as computers. It's just a policy about what the system should or shouldn't do in a given circumstance. It's high level, though. The policy has to be broken down into rules that a machine can implement in some way. So, "can't get hacked" might become "only runs authorized code." At that point, you can look at how code is loaded into the system and determine if it meets the policy. You might add some kind of signature check into the loader. You might notice malicious data becoming code. This might make a rule about code and data being treated differently, with the latter not becoming the former without authorization. That might lead to a tagging or capability scheme. You might see covert data leaks from memory reuse. This leads to a rule saying new memory must be zeroized before use (or old memory after use). And so on.

So, you need the right rules and mechanisms to implement the security policy. You also need correctness arguments for the machine components, including those mechanisms. The best (only?) example right now is Rockwell Collin's EAL7+ CPU verification. It's basic specs are here. Notice how they combine rigorous, layer-by-layer development with a security policy reducable to rules and mechanisms.

Nick PJuly 24, 2014 12:25 PM

High assurance crypto open sourced!

Exciting news for the cryptography field. I've previously cited Galois's great work in high assurance software from proving to synthesis. I also reported on CRYPTOL language that allows high level specification, verification, and synthesis of cryptographic algorithms. They even did Skein once. They recently released it under BSD license along with a book and worked examples.

http://cryptol.net/index.html

Beyond awesome, eh? Alright closet cryptographers, time to code up some algorithms!

Note: I'm truly curious if the automated synthesis method deals with covert storage or timing channels. If not, that can be fixed.

AnonymousBlokeJuly 24, 2014 1:09 PM

On the Security of Computing Languages


I am very skeptical on any truly safe language being able to be invented. However, I am much more of a vulnerability analyst then I am a programmer, so I largely have to work with what other people program in.

From my perspective, having been in effectively bug finding for these past fifteen some odd years (with some diversions here and there)... a primary area of concern is in web applications and secondarily in clients.

Today, web applications largely *are* in "safe" languages. While theoretically you can find buffer overflows and other memory corruption problems, very often this is not the case. With web applications. Java, C# on the desktop, another matter.

SQL Injection, itself is one of the big bane's of the industry. Many of these major web hacks you have seen involve SQLi. Yet, it is relatively easy to test for.

Why can't companies get rid of such a trivial to find security issue? That is a problem I am interested in.

One issue I find is: security tends to be underfunded. Another issue is that people are prone to errors, in general. A good example is studies performed on those who get only five hours of sleep a night. After five nights they are operating "as if" they are 1% intoxicated. Further, no study has ever found "more then 40 hours work increases productivity", but many studies have found more the 40 hours work *reduces* productivity. Errors are introduced in the extra time, and the extra time is wasted in correcting errors.

Organization is another major problem. Like the problem with TLAs, nobody knows what is running where. Security is at odds with development, and so development may not want security to know 'what is running where'. Even if that just means avoiding a bit more of a headache.


BJPJuly 24, 2014 1:19 PM

@AnonymousBloke

Dragging some of your salient points over here from the GCHQ thread....

I totally agree that Tor is too loud and dangerous for use under a totalitarian government. It is not meant for a situation where your adversary has a superior network position and the tech know-how to exploit that position. I do think it's better than nothing in some situations. Not every repressive nation has the tech capabilities of a USA/China/Russia; but if you're, say, Red Cross (not CIA) out there trying to do polio vaccinations in interesting surroundings you're a lot better off trying to tunnel Tor through a satphone link than to hit vpn.redcross.com from your hotel room Wifi. Belt and suspenders. No piece of software is good enough to entrust with your life. Pardon the cliche but as they say, "security is a process, not a product".

I won't even pretend to make an effort at guessing your spot in the privacy/crypto family tree; but I will thank you for your efforts, even not knowing their details. I've made some minor privacy tweaks to existing software, anyone using a version of Lynx from the last 10 or so years has a little bit of my code on their system. With that said I don't think I could feel comfortable writing any sort of privacy tool from scratch. People might rely on it. I know I'm not perfect. I'd blame myself for any negative impacts a user ran into, whether they were my bugs or their misunderstanding of how to use a computer.

Your theme of inferring future acts is intriguing. I don't gain anything from doing so, but enjoy trying to. What better exercise of data gathering and critical thinking skills is there for a regular Joe than to absorb information about capabilities, opinions, biases, hatred and try to extrapolate that into predicting the acts of large monolithic entities like militaries and governments, knowing that the evening news will make it pretty clear how right or wrong you are within a short time? Great fun, if it didn't have so many lives at stake. That's what got me to love Calhamer's "Diplomacy" game. How interesting it would be to run a game with certain commenters from here representing the seven great powers.

AnonymousBlokeJuly 24, 2014 2:22 PM

@BJP

TOR:

I think your argument there is sound, and do not think anyone would use it for agent handling.

But, I think what has happened has been unforeseen: TOR exit nodes are being compromised en masse and included in vendors blacklist files. A process has grown about in the industry where this is a very refined product. This is also not confidential data, but data which is marketed and there is a solid demand for the product. Corporations and governments alike are well advised to keep up on the lists.

This seems rather absurd, because there is *so much data* going back and forth. As I noted on the GCHQ list, the dead drop angle is generic and well advised. But, there are **so many ways** to perform a secure dead drop online. And if there is only one way to do it, then you may be giving the bad guys your method, so they can use that to find other agents. Or dissidents. Or whomever.

There is, however, the other problem intelligence agencies in the free world often want to face: how can the dams of information be opened, in general, to their people. Because authoritarian systems operate not at all unlike cults. They require controlling information. All information. Even a critical newsweek article may be absolutely detrimental to their **faith**.

I've made some minor privacy tweaks to existing software, anyone using a version of Lynx from the last 10 or so years has a little bit of my code on their system.

I worked for about four years at a major privacy enhancing company. I would prefer not to say much more about it, but I believe our contribution was worthwhile, even though the company eventually went under.

"Your theme of inferring future acts is intriguing. I don't gain anything from doing so, but enjoy trying to. What better exercise of data gathering and critical thinking skills is there for a regular Joe than to absorb information about capabilities, opinions, biases, hatred and try to extrapolate that into predicting the acts of large monolithic entities like militaries and governments, knowing that the evening news will make it pretty clear how right or wrong you are within a short time?"

True, but you can game events and situations over and over again, and regardless of how intelligent and motivated you are... you may still be wrong.

You can spend decades mastering chess & go, but still be horrible at really predicting what will happen. What might the problem be? For one, it can be unanswered questions that might help divulge previously unseen motivations & players.

I, think, however, my point here is merely to be disparaging to the concept of intelligence, in general. Look, there is little way to get around it, "Why did the US go into Iraq". There was almost no economic reason to do so, and almost no security reason to do so. So, who was really pulling the strings there?

Intelligence? Maybe so, maybe not. But, intelligence gave the go ahead.

Bush did not need polls to tell him to go ahead. Obama has not been listening to the polls on major issues. They have attempted to act as real leaders. Instead of simply following the crowd. But, who is leading them? Intelligence. Secret information they are privy to which makes them believe - despite polls - that they are making safe bets. They do have vested interests, they have their future to consider.

I am simply pointing out that intelligence, very likely, has become too bloated, and too biased. They can color the data - despite actual evidence - in any way they wish. Iraq is really not even the issue here.

Put another way: I am sure you do not believe in a 911 conspiracy theory. I do not either, nor have I. Now, if you did believe in such a theory, and then later realize you were wrong -- oh wow, how wrong you were! You sure better do a complete overhaul of the way you operate in general. How you process and vet data. How you choose what you believe.

If you do not, you are prone to simply run headlong into more and more errors.

With the US - and other agencies - this is what, effectively happened. With Iraq. Now, Snowden and Manning are seen as scapegoat scenarios. But are they being considered in the line of a continued line of severe fault? That the intelligence agencies have gone the way of an Enron or Countrywide?

That is all I am saying. The situation looks grim. And with at least two major global flare ups happening, the chance for a major misstep there is **extremely high**.


WaelJuly 24, 2014 4:05 PM

@Nick P,

Clive and I have the same view on what security is far as computers...
You do metion some mechanisms that may be leveraged, such as "tagging",... Remember, this discusssion is about "languages".

SkepticalJuly 24, 2014 4:38 PM

@AnonymousBloke - Though on saying that, I have an itching feeling that both situations are right. Which means the US intel groups have one of those "impossible problems" they have to solve. A gordion knot problem.

A wicked problem?

My belabored point here is that: people are not asking "why". Or, when they do, they are stopping short. They get back something that looks like sound reasoning, but it does not feel like sound reasoning. Because it is not sound reasoning. The math does not add up, because it is sheer confabulation.

I do believe this is endemic to intelligence agencies, be they British and US, or Russia and China, be they Iranian and Israeli, or Japanese and Germany.

Consider the ISIS situation: Do you really believe Obama's response is correct there? I surely do not. He should have immediately gone back in and bombed the shit out of ISIS. Stop the problem before it festers. How long until ISIS joins up with the Gaza situation? How long before connections are made between the Sunnis in Lebanon, Jordan, Syria, Palestine, Iraq?

Let's say that you're correct about the ISIS situation. How strong is that as evidence that your hypothesis is true? If Obama had taken the course of action you suggest, would that have affected your assessment of the hypothesis?

In my opinion, they should have separated Iraq up in the first place. Give the Kurds their land, the Sunnis their land, and the Shiites their land. When I heard they were not going to do this, I was aghast. I shook my head.

If I were part of a group, a TLA, as you guys say, I probably would have shoved my reasoning down deep and confused *sound reasoning* with *lack of loyalty*, maybe even feeling guilty for my doubts. Because that is what group think does to people.

Declassified documents seem to indicate that there is a fair amount of debate among analysts, and between agencies, on any given difficult question. It seems likely that questions as to Iraq's future course, and especially as to relations between various groups and factions, would be the subject of lively discussion.

All the agents in the field, all the taps on all the wires: all serve simply as a ruse. When final decisions come down, they very well may ignore the vast majority of all their hard data. You can see this time and time again in history. From Vietnam to Iraq. One of the best examples is with Stalin and his spies during WWII, when everyone was telling him "The Nazis are about to betray you". He did not listen.

This seems to imply that intelligence agencies actually furnish accurate and useful information, but that policy-makers ignore it. And while that may or may not be true, I'm not sure how well this claim squares with your earlier hypothesis.

Nick PJuly 24, 2014 4:56 PM

@ AnonymousBloke

I wrote a post on secure web languages here. It lists many different approaches and projects, some of which easily defeat SQL injection.

@ Wael

"You do metion some mechanisms that may be leveraged, such as "tagging",... Remember, this discusssion is about "languages"."

Of course. Clive brought up that languages get turned into machine code. He brought it up because hackers attack machine code, not source code. The source code is the specification and the assembler is the implementation, you might say. I pointed out (a) what was involved in verifying implementation against a security policy and (b) what kinds of changes to an implementation it might inspire. If you want a language example, here are a few that the compiler can handle for the developer:

1. Requirement: no stack overflows. Solution might be a reverse stack so stack pointer can't be overwritten by incoming data.

2. Requirement: data values don't overflow. Solution might be either automatic overflow checks or using a 64-bit value.

3. Requirement: strong compartmentalization of data. Solution might be using segments or partitioning app into communicating process in various address spaces.

4. Requirement: malicious data can't become code. Control flow integrity techniques can be combined with 1 and 3.

5. Requirement: array pointers shouldn't be used to access other data. Solution might be bounds checks built into array accesses.

6. Requirement: no race conditions between threads. Solution might be putting shared data into concurrent objects that handle synchronization of concurrent reads and writes a la ParaSail.

7. Requirement: no memory leaks. Solution might be a garbage collector or reference counting scheme.

So, just as for hardware, making a safe/secure language is about understanding the key requirements that must always apply and known problems that sometimes happen. One then might build a countermeasure into the semantics, compiler, linker, and so on. Alternatively, one might use a static (or dynamic) analysis technique that a language decision makes easier to use (i.e. SPARK's verifier). An even simpler method is to modify the instruction set or hardware to enable strong confidence in very important security properties. A safer language then leverages that for its own security/safety claims. That's what a number of past (eg Burroughs, i432) and current (eg Sandia SSP, SAFE) systems did so I brought it up, too.

AnonymousBlokeJuly 24, 2014 7:07 PM

@BJP

Well, BJP, definitely an amusing discourse to me. I have often tried to apply physics to group dynamics. Not that this is an uncommon penchant. However, unfortunately, it can also lead into pseudo-science.

I think, as there was a tendency in Paul, and in Einstein, the idea that "God" is the "author of chaos [or entropy, plays dice with the universe]" is an appalling thought. (I will here note Einstein's perspective of "God" well deserves quote, though... may also be Paul's perspective.)

(Whatever the case, it is irrelevant.)

People *want* order to the universe. And while many scientific studies may be in doubt, those which prove humankind is biased in what they believe... that 'there is no truth, because they believe what they want to believe according to their preferences' is quite true.

Unfortunately, to that notion, the concept of "cognitive dissonance" which the author of that paper there tries to betray is its' self also quite proven otherwise. When people are presented with material that challenges their core, underlying beliefs... they desperately seek to find a solution to their disillusionment.

They might as well have just nuked their own sense of self. And... there are ample studies which prove this is so, even to fMRI and MRI studies.

In such situations, they find themselves in deep, psycholical pain, and eagerly confabulate any manner of solution to their pain. It literally is a simple opoid style addiction. You threaten their entire opoid reward-punishment scheme when you blow apart their underlying, core, fundamental beliefs. :-)

I would argue this *is* important, and even "on topic" to Bruce forum here.

While it is true, I surely love to challenge the very concept of intelligence on this forum, just to see how people react... as we all well know there are spies here and spy supporters... :-) I am ultimately not so adolescent about my endeavors.

The fact is... Snowden (and Manning) deeply prove a disturbing trend in utter intelligence failures which might be said to have an head with the intelligence that backed and led the nations into the Iraq war.

I believe this parallel is often not so clearly seen because people get caught up on one side of the issue, or another.

Interjecting what is also a loaded term "the Iraq war" does not exactly help matters. After all, aren't you either "for" or "against" it?

Can nobody simply go, "We do not have the motive for that war, as we should". As for Snowden, it is a relate sort of scenario, but quite different: the motive of Snowden or Manning is quite clear, but it is difficult not to take sides despite that.

Sum it all up together, apart from any side: intelligence is failing, with huge cracks in it. Now, to Skeptical, I do credit him here with noting I am implying "the five eyes", specifically, but ultimately, I do mean all nations.

Foremost, perhaps, what myself and some of my friends call, jokingly, Gog and MaGog -- Russia and China. :-)

...

Worse, while I might make these observations, and point out these blatant, blinding biases :-) (BBB)... reality is *I* myself am biased about these equations. I am also quite confident that my own biases will win out. I consider myself saying what I am saying here merely as a completely unnecessary... hat tip of sorts. Perhaps, I have some joy in seeing good advice trampled on by my enemies. The joy of outsmarting them even while flinging the cards I keep so close to my chest in their face... is, surely, a rare pleasure. :-)


Clive RobinsonJuly 24, 2014 9:12 PM

@ Nick P, Wael and others reading along,

In many areas and especialy lower level technical issues my view point is consistant with Nick P's.

Where we tend to differ is on the high level stuff, not about the problems but in certain aspects of the solutions that might be tried.

I'm very much in favour of the majority of programers using a very high level language with levels of safety features others are only just thinking about (see previous discussions about probabilistic security).

That is I feel for various reasons our current crop of "safe languages" are failing us, and potentialy making current and future programers less security conscious.

My reasoning is two fold,

1, Lack of coverage (language).
2, Cotton wool syndrome (programers).

Current "safe languages" only cover a few of the lower layer rules of the security pyramid. The reasons for this are historical and like the problems with C initialy started due to resource limitations. Things are improving but to be honest it feels as though at a lesser rate than dangerous features, one of which is the tendency to mono cultures at the lower end of the tool chain.

I'm known for my disparaging comments about programers and their tendencies to artisanal as opposed to engineering development of their code (as re-enforced by methodologies such as "patterns"). And some I disparagingly refer to as code cutters. I feel much of the blaim for this should be laid at the feet of education establishments for their CS course content (usually you find better programers in the likes of hard engineering and hard science graduates).

But much of our education is by the principle we learn to walk by, which is "fall over untill you stop hitting the ground by putting your next foot in the way".

It's been shown in studies that "cotton wool parents" who "catch baby" rather than letting them fall slow the process of learning to walk down, thus slowing the childs development... But it gets worse the more cotton wool parents wrap their child in the more they slow the childs development, especialy after the age of two. A parents hand should be there, not to stop the child falling over, but as a conveniant hand hold for the child to pull themselves up after they do fall. It sounds cruel and heartless but that's the way evolution has set things up.

But there is another aspect, the later in life you learn to fall over the less likely you are to avoid injury in later life, which leads to avoidance behaviour, and thus a degenerative spiral.

What has this to do with "safe languages" well our basic learning method is to fail experiance a moderate amount of discomfort and use this to gain experiance of not making the same or similar mistakes. Apparently it changes the balance of neuron development such that both positive and negative re-enforcement takes place which is more advantageous than predominantly one or the other.

In fact tests show we learn more and faster from our mistkes than we do from our successes especialy if they were just random luck (in which case you learn nothing).

In some respects "safe languages" are "cotton wool parents" that hold you up, not let you learn from your falls. When added to the limited safety coverage the mix is not good and thus the probability of making mistakes that go unnoticed in the areas not covered goes up commensurately. The problem is the pain of this sort of mistake may never catch up with the programmer if they move on before the problem is exploited on customers systems, thus the programmer may never learn. But worse the "safe language" raises false expectations that makes diagnosis of such exploits considerably harder.

Thus from my perspective "safe languages" are not safe enough to make such problems sufficiently rare that they are once in a lifetime events, but are sufficient to delay learning and thus remedial actions...

That's my view point, it's your choice to agree or disagree with it in full or part. The problem is finding supporting evidence that is valid either for or against.

For instance much has been said about Delphi / Pascal, the problem is not if the evidence is anecdotal or not but its relevance. It was main stream twenty to thirty years ago, our whole software eco system has progressed immensely in that time, the methodologies of program development are changed quite radicaly. But worse even if it could be shown to still hold today is it going to hold tomorrow as we switch out of the imperative sequential to parallel programming models on massivly multi core/CPU machines (which in reality is the only way Chuck Moores Law is going to remain a law).

FigureitoutJuly 24, 2014 10:06 PM

Clive Robinson
--Apologies for the late response, I was just "checking my endpoints" and "my backdoors" as there appeared to be some activity. :p Wanna know what's fun? Seeking out an errant transmitting signal or false detections in an unshielded building littered w/ radios and sensors! Then when you finally work out some quick & simple things to try (of course having been working on something completely unrelated) the signal stops...Grr...Oh, I did notice an ethernet cable, goddamnit why...

Anyways onto the brain fever (have any recommendations on doctors?)...no my knowledge is weak in some crucial areas, amplifiers and one concept that is so crucial yet embarrasses me that it gives me problems...impedance. It's going to take me years to get that knowledge where I want it b/c I need to focus on things like code to ensure I have a guaranteed job...damnit so slow! I'm just an average engineer, I'm fine w/ that b/c I enjoy every minute of it.

Why do you like AM so much?

I'm focused moreso on many other things for the time-being and don't really feel like doing a "buffer overflow" on my brain. Chatting w/ you that tends to happen on a daily basis. I do look forward to my circuit classes (finally!), but I need to get other concepts first.

Anyway "thanks for sharing", can't reciprocate (again).

Mike the goat
--Yeah but that's still a highly unwanted "solution" for me (not to sound selfish, it's bad for everyone else too); in fact, that's worse. I don't want idiots that don't know what a serial connection is to have a backdoor in my computer.

And yeah won't delve into what Nick P has or hasn't done too much as it's pretty personal and I know people lie on here to protect who they really are for real fear of someone finding them. Just want to know though.

Petronius
--Yeah it's a homebrew SDR, you can't really expect much there compared to at least $10,000 and up investment in a radio manufactured by machines. The bigger point I saw was, a lot of people around the world could send a simple RTTY/PSK31/JT65 whatever, and the recipient could be anywhere on the internet (demanding those packets) and get a message.

Nick P
Lol. No.
--Really irritating b/c I couldn't find the thread and don't feel like reading like 200 pages of archives, can't even remember the year (90% sure 2011/2012, MAYBE 2010) where you "opened up" a little more than usual about yourself. Of course it could've been a lie but meh I'll just "take your word for it". You do make some suspicious posts outside of just "playing a devil's advocate". Just stop doing that and I'll put my guard down. :p

Shame you have a boring job, surely it could fun in some way...It could be nice for the mind though in that you can lock down other aspects as I'm beyond nervous at all the security holes at my place (got broken into and they didn't even steal the most valuable computers in plain sight, leading me to think malware planting). I enjoyed working ON not FOR a really big company a while back and observing all the security for just a private company (boardering on really a gov't asset). If I had a lab there, I'd have some reasonable assurance no breakins besides the janitors, which honestly I'd say just let me clean the lab myself and keep everyone away. Anyway, I get to pretty much do what I want in a nice little lab (but it's a rather temporary "job" lol). Wish it could last longer...

RE: Cryptol
--IT'S ABOUT DAMN TIME! Christ...how many new crypto projects have propped up since so much has been compromsied..? I mean I like math but I'd trust some other incredible mathematicians where "the truth" as one put it, just flows in their head. Maybe everyone's still in shock, it's quite a shock for sure.

Nick PJuly 24, 2014 11:18 PM

@ AnonymousBloke, BJP

I'm going add something to your discussion about Iraq, intelligence failure, etc. I did a lot of research on behalf of others when they were drumming up support for the war. There were accusations that they were creating a false pretext for war. That's a real conspiracy that's played out in our country at least 8 times off the top of my head, although most people would only recognize Vietnam on that list. We've invaded a ridiculous amount of countries which posed no threat to us. Afterward, we have bases and personnel there along with U.S. companies getting rich off their economies and resources. It's called imperialism, although they use words like "freedom" a lot. Double Medal of Honor winner Gen. Butler warned us thoroughly so we have no excuse. So, I decided to look into things especially as I was considering a government position at the time.

I'll just summarize a few points. Numerous analysts at DOD and CIA claimed publicly that they were being forced to pull information from old records (eg 1980's) about Sadaam gathering WMD's, then put them in modern-dated reports. I found much photographic evidence relied on blurry, black and white satellite photos despite their having high-res, color ones over the area. In one case, the report came from a satellite that was down for maintenance at the time per FOIA request. They labeled firefighting equipment as mobile production facilities despite the company that sold and serviced it publicly saying otherwise. They were accused of trying to pay off independent media outlets, outed Plame after a damaging story came out, and put some other journalists critiquing the evidence on the Do Not Fly list. Government web sites even had photos of Bush speaking to a bunch of soldiers that were the same 5-6 copied and pasted to provide an illusion of early support. I verified that one myself using several techniques to great personal amusement at the shoddy work.

This isn't intelligence failure: it's a massive disinformation operation. (Intelligence success?) Attacks on reporters, fake videos, fake satellite pics, analysts ordered to fake reports, and so on. All these kinds of claims and issues skyrocketed during just this time for just the purpose of getting us in Iraq. And this was despite the 9/11 commission's findings saying 9/11 was funded by a large element in Saudia Arabia, then performed by mostly Saudis led by a Saudi. They even had a confession by an operative who thought he was talking to Saudi's that would jailbreak him. Hard to imagine a President looking for payback then walking hand in hand with the Saudi leader, then hitting two countries that had nothing to do with it. Unless he and his partners had different motivations.

And that brings us to the *real* reason we went to Iraq: the plan to do so they wrote a long time ago. As I read it long ago, I said this is an idiotic and imperialist plan that will only cause us huge problems. The most likely outcome is accomplishing almost nothing in Iraq while anti-Americanism will go through the roof resulting in real problems. Turns out I was too optimistic. Looking back on the document, notable targets in their 90's plan were Iraq, Iran, and Syria. So, 9/11 happens, everyone is scared, and they quickly drop "btw, Sadaam was involved in this stuff." Then, there's all this shoddy evidence for WMD's along with analysts claiming they're forced to lie. The situation is pretty clear to me: a group wanting to dominate the Middle East with military might got into power, was lucky enough to have their "new Pearl Harbor" they were hoping for*, and then leveraged it to do what they planned to do. And many policy recommendations in the document became U.S. foreign policy, on top of that.

*The document says their plans will be a slow, uphill battle unless "a catalyzing event" were to occur like "a new Pearl Harbor." The conspiracy nuts go wild over that one, but I'm just calling them opportunists.

So, in summary, my research into the invasion of Iraq was that it was planned in the 90's, leveraged post-9/11 fear, used a stunning amount of [shoddy] disinformation, and only had a little to do with terrorism. This is somewhat to mostly true for Afghanistan, as well. The result of these *acts of treason* by individuals in the Bush-Cheney Administration were the following: over 20,000 American soldiers dead with many more maimed or suffering PTSD for life; over 200,000 innocent Iraqi's dead with violence and social problems at all time high; destabilization and rampant anti-Americanism in Middle East worst than ever before; over $300 billion dollars in short term; $1-6 trillion in long-term costs. That's worst than everything terrorists have thrown at us in our entire existence. And even worse, the criminals that did this profited off of it and continue to do so as they live free.

Like INFOSEC taught me, the inside threat is the greatest. There are real conspiracies that happen in government. There are political factions whose agenda demands global dominance and "total war." They believe it's absolutely necessary for our survival and will do anything they can to achieve this. Faking evidence to start some of these wars isn't any worse than all the other pretext-ed wars we've been in. So, you can bet they did it and that totally reframes discussions about "intelligence failures." If intelligence agencies are being used against the American people, the only failure is the people to hold them accountable and throw the guilty parties in prison for treason. I predicted if it didn't happen, we'd see even more military action in Middle East and efforts to dominate the internet (mentioned in early documents). Snowden leaks (and public's apathy) haven't led me to feel better about that prediction.

FigureitoutJuly 24, 2014 11:46 PM

That's worst than everything terrorists have thrown at us in our entire existence. And even worse, the criminals that did this profited off of it and continue to do so as they live free.
Nick P
--Hence...violent revolution is needed to kill the terrorists within...? Police and the military only take orders "from their superiors" so they'll never get rid of the threat themselves...

And you mention "apathy" in the public. Tell me, what have you done politically to change this besides posting on a blog? Consult some politicians? Which by the way is all it takes to get you on a list which I'm sure you're familiar w/, but there's other lists. Snowden pulled the trigger that so many other potential whistleblowers were scared to, it was a truly courageous move as a normal life is f*cked for him.

AnonymousBlokeJuly 24, 2014 11:53 PM

@Nick P

I have to admit here, Nick, I am one of the bad guys, by your book. I have no problem with the invasion with Iraq. I knew full and well they had *nothing* to do with 9/11. I knew full and well Iran was far more of a threat.

I did believe that not separating Iraq into sectarian borders was a poor choice. But... that was about it.

I did not really care, because I knew the chaos that would cause would suit my aims.

Right now, no big deal. ISIS is making some waves, Gaza is being bombed. It seems all unrelated enough, and nothing much will come from it.

Sure, ISIS will make inroads with Sunni in Lebanon and Jordan. Then, what will happen. Probably, Russia will chime in with some big bucks and weapons to keep the Euro states and US preoccupied, so they can focus on Ukraine....

All of this is absolutely preposterous... until it comes to pass. And by then, everyone will forget it. Believe me, they will have much more serious problems to worry about it.

Consider, for a moment -- no one made money from Iraq. This whole "blood for oil" thing was bullshit. Cry wolf. Quite the contrary. It cost enormous amounts of money.

It is by no means as simple, either, that Bush was some puppet of the Israeli lobby. They would be horrified at these plans.

Last thing they would want is to have all the nations on earth outraged at them and sending their troops to their border.

No... whomever or WHATever is behind this Evil Crap... is far more diabolical then any of that... :-)

Nick PJuly 24, 2014 11:57 PM

@ Figureitout

"And yeah won't delve into what Nick P has or hasn't done too much as it's pretty personal and I know people lie on here to protect who they really are for real fear of someone finding them. Just want to know though."

I have almost no security or privacy technology in use right now. I'm beyond easy to find and my main opponent almost certainly has my equipment under surveillance. Yet, they and others can clearly see I just do my boring day job, visit friends/family, do the occasional random thing, work on designs/analysis for most of leisure time, and promote action in certain directions along many media. My hypothesis is that they're less a threat to me if they know I'm not a threat to them. Beating them at the game head-on with their legal and military might, along with what they've seen me post over the years, isn't going to happen. So, I've adopted an unusual strategy that lets me work toward my goals without them feeling the need to take more direct action against me just to see if I'm a problem or not.

If the American people decide against them and the law changes, then I'll have a foundation to build some real personal security on. Meanwhile, I just do my thing, expect that I'll be monitored somehow, ensure truly private activities happen face-to-face, and stay prepared to deal with whatever threat (govt or not) comes my way when it does. So, I wait and do my thing.

"Really irritating b/c I couldn't find the thread and don't feel like reading like 200 pages of archives, can't even remember the year (90% sure 2011/2012, MAYBE 2010) where you "opened up" a little more than usual about yourself. Of course it could've been a lie but meh I'll just "take your word for it". You do make some suspicious posts outside of just "playing a devil's advocate". Just stop doing that and I'll put my guard down."

Lol. I am that I am. Nothing more, nothing less. My experiences and thoughts are diverse. Far as your guard, keep it up. Also remember that people's trustworthiness comes from their statements and actions over time. Mine have been fairly consistent. Might be some BS in there somewhere, too. I can't say I'm immune to the temptation of embellishing a bit, yet I'm pretty consistent even when I posted under the influence of "the hard shit." ;)

I do have a rare ability to do a 180 on a topic over time or in mid-conversation. It's why Wael has his "security schizophrenic" limmerick for me haha. I've done this on my security focus (from software to hardware), on Snowden (from whistlblower to whistleblower/traitor combo), on fabs (from verified fabs to use most cutting edge masks), and on NSA (respecting their INFOSEC *seeming* contributions to hating that they only subverted those standards). I can't say whether this trait of mine is a good thing or a bad thing. Like evolutionary algorithms and simulated annealing in my old A.I. work, it does have the advantage of being a problem-solving strategy that can get past solutions that only *appear* to be the best (local minima). The drawback is I have a hard time sticking with a given project, beliefs or circumstances. The advantage is, if there's a better path, I'm more likely to find it or spot someone else on that path.

"If I had a lab there, I'd have some reasonable assurance no breakins besides the janitors, which honestly I'd say just let me clean the lab myself and keep everyone away."

Red team maxim: janitors, A/C guys, and people who look/sound like tech support can go pretty far in a "secure" building. Your strategy of cleaning your own stuff is perfect so long as you ensure the janitor *really* doesn't have the keys/codes to your door and can't pay/threaten security head for it. You might need to learn some HVAC and sprinkler systems, too, if going DIY route to physical security. ;)

re Cryptol

Absolutely. This tool is great because it eliminates the whole coding step of the process once the tool is targeted to an architecture. Domain experts in cryptography can create algorithms, specify them in this language, verify them, and synthesize an implementation. The tool itself can be improved to handle new risks and have more optimizations. The underlying tech might even be used in another application area. I give major props to Galois for doing their part to bring high assurance capabilities to the masses. There's not many in the field. Yet, they really carry their weight despite being a very small business.

WaelJuly 25, 2014 12:22 AM

@Nick P,

I do have a rare ability to do a 180 on a topic over time or in mid-conversation.
That's a sign of open mindedness, modesty, and an indicator that you are sincere about learning, sharing your knowledge, improving your abilities and thoughts rather than defending your ego.

It's why Wael has his "security schizophrenic" limmerick for me haha.
Still working on it, along with tens of other "todos" from you and his highness @Clive Robinson :) It's not scanning yet, keep flip-flopping, and I'll nail you with it one of these days :)

FigureitoutJuly 25, 2014 12:27 AM

I have almost no security or privacy technology in use right now. I'm beyond easy to find and my main opponent almost certainly has my equipment under surveillance.
Nick P
--Yeah, otherwise you wouldn't be posting here...Kind of lame given how much you talked about secure ethernet connections over the years...Not that I have any room to talk, I've been reduced to essentially physical methods that are near impossible to surveil perfectly still...

So, I've adopted an unusual strategy that lets me work toward my goals without them feeling the need to take more direct action against me just to see if I'm a problem or not.
--Yeah I keep trying that but...uh..."problems"...don't...go...away...Just want to go to the gym one time...I can't even talk about this, I need an email.

I don't think you're being honest though about your past and present, but that's your choice. Surely you remember the thread, I don't know why it won't show up in my searches.

I don't trust the computers at my work whatsoever, haven't trusted any for years now, so no change for me. Some untrusted admin has practically no effect on me even though I saw a few. As always my ultimate backups remain provably untouched which no one will find since I don't think I'll use them ever again (goodluck whoever trying to find that lol).

You might need to learn some HVAC and sprinkler systems, too, if going DIY route to physical security. ;)
--Yeah there's no reason to have a sprinkler or a HVAC system in a secure building, only cool air that has been sufficiently "filtered". Honestly, we could create our own AC-system w/ a really deep hole and a fan, and create some homebrew heaters for the winter lol. And, who cares what the grass looks like?--lol

WaelJuly 25, 2014 1:05 AM

@Clive Robinson, @Nick P, and others following...

In many areas and especialy lower level technical issues my view point is consistant with Nick P's.
As do I. We agree on some fundamentals, what we tend to discuss is high level philosophies and methods to implement and attain the fundamentals.

Where we tend to differ is on the high level stuff, not about the problems but in certain aspects of the solutions that might be tried.
True. The balance of your comments need an elaborate and methodical approach to investigate. We are still talking about "security of programming languages". I didn't have the time to decompose the factors that contribute to programming language "insecurity". What I am thinking is along these lines: the factors are: syntax, ease of learning, effects of teams working with different skill sets on a given project, characteristics of the language, memory management, sandboxing, shared libraries, OS effects, HW contributions, tool chain effects, multi-language projects, etc... As you can see, it's a long list. Using "linearity and superposition", I was going to attempt to "isolate" the language and each other component and look at them separately. I am aware that this subject may not be suitable too be "linearly" modeled, but at least we can start a "first model approximation approach", and fix things at a later stage. Maybe my method is flawed, but I just wanted to share my thought train with you. So I have not forgotten this thread, just need some time to sort out some things...

WaelJuly 25, 2014 1:24 AM

@Figureitout,

no my knowledge is weak in some crucial areas, amplifiers and one concept that is so crucial yet embarrasses me that it gives me problems...impedance. It's going to take me years to get that knowledge
Impedance isn't that hard to grasp. I'll share with you couple to good text books to read. I don't have them on me at the moment. When I was in my early teens, I tried to build an audio amplifier (a push-pull) two transistor amplifier. I didn't understand the theory at all. All I knew was that transistors amplify things and resistors reduce "things". I knew that the "things" are current and voltage. When I looked at schematics, I could never understand why someone would put so many resistors (that reduce currents) in a system that amplifies power. Years later, I learned about biasing, complex impedances and rotating phasors, voltage dividers, etc... It all made sense after that. Then things started looking strange again when I moved from audio to RF and high frequency amplifiers and antennas... It can take years. If you have the interest, you'll enjoy learning this stuff, and if you are lucky, you'll get to work with them as a profession too.

If I were to start all over again, I would concentrate on Electromagnetics and distributed components first, then the other stuff will seem relatively easy because I would have understood the fundamentals.

WaelJuly 25, 2014 2:44 AM

@Nick P,

Still working on it
Ummm, gotta get this off my back -- been two years! Dang it, Nick P! You are gonna get me banned, bud! You know I am weak when it comes to classy literature!

Nick P was a Security Schizophrenic from Nantucket
Who kept all his designs in a digital bucket
But his friend, named Clive,
Shared his architecture jive
As for the architecture, no one could un-f&#kit

My list is one less now :)

Clive RobinsonJuly 25, 2014 2:51 AM

@ Nick P, Wael,

One I just dashed off

    There is a young lad called Nick, Who can make a large comment right quick. But with opinions with which he'll not stick, He's given poor Wael a right tick.

WaelJuly 25, 2014 2:57 AM

@Clive Robinson,
+1
Great minds think alike :)
I think we just doubled the Moderator's blood pressure :(

Mike the goat (horn equipped)July 25, 2014 4:20 AM

Wael: that is brilliant.

Figureitout: I don't blame anyone from not telling the entire truth on a public forum. Usually if you apply a bit of intelligence you can work out what they do or have done for a living and infer from that a reasonable guesstimate. Nick is practicing good opsec - nothing wrong with that. I think most of us here have accepted govt money either directly or indirectly throughout our careers. That doesn't necessarily mean that is where our loyalties lie.

Gerard van VoorenJuly 25, 2014 4:34 AM

@ Clive Robinson

Besides the human part, I think the technology is also a serious factor at play.

Let's be specific. The two languages I know best are C and Go. So here we have a bit of (colored) comparison:

C:
* Lots of options for compilation, such as -Wpedantic -Wall -Werror. You are in charge.
* Macro's with global scope
* Header files are a mistake
* DMA
* Syntax is challenging (esp with macros and ternary if-then-else)
* Pointer arithmetic, gotos (too many of them), weak type system, no string support and the rest
* Toolchains are of mixed quality. The GNU toolchain sucks.
* Support for most / all? microprocessors

Go:
* Bitching compiler
* Simple
* Safety features are mandatory
* GC (which will be pauseless in the future)
* No DMA
* Good syntax
* Automatic code formatter
* Good and simple toolchain. No makefiles or autocrap
* Modules and namespaces
* Range checks
* Usage of C, C++ and assembly in a Go project is still possible
* SMP with Goroutines (the C.A.R. Hoare approach)
* Good profiler

All in all I think that Go has many improvements, while still being simple.

But I also remember, that was probably 15 years ago, the saying about the new OS, called Windows XP. The Dutch tech news said at that time (out of my head and roughly translated to English): "In terms of being bullet-proof, DOS is a t-shirt, Win95/98/Me an armored vest and Windows XP a tank."

Euh... right. The internet caught MS with their pants down!

The ten years that followed were ones of patch, patch and patch again. Leaking all over. (sometimes it is good that people in general have a bad and forgiving memory)

Which brings me to the problem: We can't know what will be the "new technology" that makes all previous technology obsolete or unsafe.

Returning to Go. As I said before I think it has substantial benefits over C, also in terms of safety. However Nick P pointed out some points that aren't part of Go, such as integer overflow checks and lack of compartmentalization.

Maybe the "new technology" attacks just that. That means that simplicity alone is not enough. You need extra safety features built in. But at what costs? A prison for instance keeps "bad guys" away. A prison is a very expensive facility. You could also keep the prisoners behind barb wire. That is much cheaper. Well, the facility is much cheaper. The hunting for escaped prisoners will become expensive, as we saw with Windows XP.

To be honest, I don't see a real answer. Yes, we should get rid of C immediately, I think that is clear. But replace it with what language, I don't have an answer for that. I do think Go is very good, but maybe we should just use Ada. Maybe we should go for a real tank to be bullet-proof, if such tank exists.

Mike the goatJuly 25, 2014 6:32 AM

Gerald: While I agree with you that language choice can certainly influence the security of design I think that the most significant variable is going to be how judicious and careful the coder is, no matter what his choice of environment. You can code badly in anything - but yes, granted - some languages do make it harder and unfortunately C is one of the worst esp with things like stack smashing and buffer overruns which you could argue both good language *and* good compiler design should guard against. But I'm just stating the obvious. The real reason I wanted to comment was in response to your quote made about Windows XP.

Windows NT is just a mess. Dave Cutler might like it, but I bet that only the die hard Microsoft fanboys would agree. The architectural issues with Windows go so damn deep that I don't think that it is even possible for MS to fix it, short of an Apple-like response - complete rewrite and break backwards compatibility (bar emulation) but to hell with it. Hell, Apple's classic OS wasn't even all that broken when you look at NT in comparison.

Clive RobinsonJuly 25, 2014 7:23 AM

@ Gerard van Vooren,

Like you I can only guess at the future, but one thing I do know is having one language for all tasks is way to much "of an ask" for the systems we need to build, without even considering security implementations.

Which is why I have been thinking about very high level scripting style languages for application and other code cutter activities, which takes security out of their hands at all but the higher levels. But the scripting widgets would be written in a lower level language by those with a good understanding of security at the lower levels. Likewise OS code and driver front ends in a lower level language. Importantly the languages used at each layer would be appropriate to that layer, the skill set required of the programers and importantly the security required at that level.

If you think back to the old TTY CLI days prior to job control, the security was in the OS and the app ran in a controlled space which could fairly easily be made like a sandbox (chroot etc) and thus the app developer only had to worry about the higher layers of security that were within the app basic functional specification, not the security rules in the OS etc. Frequently back then the *nix philosophy for apps was to "script a prototype" then only for performance reasons on limited resources go to re-developing it in C, as it was the most productive use of development time.

The problem with this model was "commercial interest" raising it's head. Software companies did not want scripts as it was like "giving the source code away" which back then was not considered a good business model. So code was sold as either stand alone executables or linkable / object files, usually written inapropriately in a low level language like C as that was what the OS developers supplied for OS and lower level development. Hence everyday apps got developed from scratch in C, which was very inappropriate along with all other levels of programing. Thus C became an industry standard by which developers were likewise inappropriately measured, and the more appropriate scripting left to admins... Worse this business model has amongst many other woes give us "DLL Hell" and many interfacing woes necessitating "dog and pony show" work arounds oh and not to forget Patch Hell as well.

But it got worse much worse, as I've said in the past the web blew this single user CLI app in an unshared environment development model out of the water. The browser app might still run in a protected environment, but it was now required to be multitasking in the same environment space. App programers did not have the knowledge or resources to be able to manage let alone build multitasking security and we've seen the results. As I said for several years befor the Chrome announcement, "we need to lift OS security into the app layer" and as usuall I was ignored even though "it was bleeding obvious" ;-)

Chrome partly did move the required security up, but rather than go the distance google neutered it so that the likes of cookies and other fingerprinting techniques would still work (a house without a roof is not a house but a walled garden).

So no I don't want "a" safe language, what I want are "multiple "languages appropriate to the level of development.

As I've indicated "secrity is top down" and it also differs dramaticaly at each layer. The environment rules down at the multitasking and lower layers should be invisable to developers at higher layers where the security issues are more abstract and require totaly different thinking and methodologies.

The old "one size fits all" joke should not apply anylonger to languages it's inappropriate and it's failing us badly now and will only cause more pain in the future. The problem is though that whilst we are seeing languages for development layers comming into existence and being used, almost invariably those in common use do not have layer appropriate security as a built in, thus we don't see any security benifit...

Clive RobinsonJuly 25, 2014 9:21 AM

OFF Topic :

Want to know why you can not fly or are being watched?

Then you need a look at the US rules used by atleast 19 agencies, none of whom require either proof or real reasonable suspicion and once you are on all 19 have to agree you can be taken off,

https://firstlook.org/theintercept/article/2014/07/23/blacklisted/

This could qualify as an entry to yet another usless US Gov Tax Money Pit, that unfortunatly has significant international consiquences for blaimless individuals.

BJPJuly 25, 2014 10:56 AM

@AnonymousBloke, Nick P, Skeptical, Clive...

This is part of why I haven't posted here so much. So many intelligent people and so little time to keep up with such high-level, thoughtful discussion. Please pardon the length of this response.

Clive: I hope you don't mind if I move my response to you here, rather than the GCHQ thread.

Regarding "what is a crime"... I admit I was thinking more utilitarian than philosophical. A crime, for the purpose of my analysis of Tor, is any act which, if known to those capable of harming your freedom, you may wish to engage in without certain individuals knowing. This, of course, fits with what you describe in the sense of calling someone a "criminal" for doing something arbitrarily declared a crime is a bit of an injustice, but I am interested more in pragmatism. Perhaps those people, whether deemed "criminal" or not, are best served by behaving like a criminal would, and seeking to cover their tracks as best as possible. For someone interested in just living out their life while performing actions their jurisdiction considers criminal, rather than performing public civil disobedience, better results come from realizing you do indeed have something to hide.

Essentially, I view Tor as plenty good enough for someone who WANTS a bit more privacy. I view Tor as absolutely insufficient for someone who NEEDS more privacy. Exposure that risks life and limb is fundamentally different from "I don't want Google and thus advertisers and thus life insurers to know I search for info about diabetes."

Beyond that, I don't really see anything in your response to me that I would disagree with. I empathize with your experiences concerning surveillance though from what you've posted here before it seems you've done officially sanctioned work that would likely lead one to expect that they would be watched the rest of their life, no?


Nick P: My view of the intel community is that they are career men and women chained to their jobs, who know full well that the experience they have, the skills they've learned... are not useful on the outside. Their work is classified. They can't flaunt it on their resume or CV later on if they find themselves morally opposed to the work they are ordered to perform, or even if just on a less significant level they're tired of having a job they can't tell their spouse about. I don't doubt one bit that they receive orders to produce fraud out of whole cloth. Nor do I doubt one bit that they have saved thousands or millions of their citizens' lives. I do believe, or at least hope, that enough of them are true patriots who do believe in the principles that established their nations, governments, and constitutions such that they would push back against efforts to have them engage in parallel construction against their citizens or otherwise break the law.

I am not an internationalist. Sovereign nations can go to war. Sovereign nations can spy on others. Sovereign nations make their own laws and comply with so-called international agreements if and when they elect to do so, and they do so for their own reasons, not selfless idealism. If the decision making apparatus of the US elected to go to war in Iraq, they will go to war in Iraq. If they produced disinformation to aid that effort, oh well -- it limited press inquiry, it wasn't the proximal cause. The intel community didn't fabricate anything due to their own desires, they were told to -- or they simply did their job and the administration fabricated what they wished to out of it.

In some sense I prefer it that way. Compare this with what we have now -- a US media in bed with Obama that won't question a thing he does. He doesn't need to produce disinformation via the intel community to go to war, he just does it, as in Libya, and the media bends over backwards to justify it and paint any opposed as racist. Versus the somewhat imperial, unopposed Obama way, I would prefer the Bush way of producing a paper trail full of fraud to make it clear to history what we actually did.

The threat I see is the system-of-systems that sprung up free of intelligent design. Defense contractors addicted to growth. Politicians addicted to campaign funds. Civil servants addicted to the hope of a pension. Congress addicted to fooling the public into team A vs team B. Public addicted to fearing the "other" team will destroy the country if they happen to catch the presidency or SCOTUS seats or the house or senate. Living in constant low-grade panic as adrenaline junkies propped up by five hour energy and smoothed over by American Idol.


Anonymous Bloke: I would put Pearl Harbor on Roosevelt long before blaming Hoover. Can we blame Coventry on anyone but Churchill? Knowing what we know now, was Coventry "worth it"? Those decisions get made by heads of state. I'm not aware of any cases where intel officers withheld such information in a way that would leave them culpable. Of course intel exaggerates their relevance to those holding the purse strings; just like every other government department ever. Spend your whole budget or it gets cut next year. Blame every failing on lack of funds. Gain resources as compensation for known incompetence or poor judgement. The feedback loop for any organization not subject to vagaries of "the market" (where failure carries real risk of organizational death) works this way.

Those that benefit from manipulating the manipulable well understand what you state about an individual's attachment to their self-image. Look at the frothing rage of the left after the Hobby Lobby SCOTUS decision, that may end up affecting a few hundred people in the country. Look at the right's frothing rage over the previous SCOTUS Obamacare decision, which even though it affects more people merely re-codifies the government's power to tax -- and waive tax -- to accomplish something Congress decided to accomplish. But by making it look like They Are Winning, money flows in to candidates, rage flows out of partisans, people who disagree on the current issue that might agree on a hundred other issues start to dislike each other and stop working together, and we remain divided. It doesn't take a huge overarching conspiracy to grease the wheels of human discord, just a few jerks acting in not-so-enlightened self-interest.

I'm not willing to let the actual decision-makers off the hook for Iraq. Intelligence agencies may have provided (perhaps even under duress?) a ginned up justification but from a US-centric POV that justification was irrelevant. We were going to do it. Did that justification fool some other countries? Sure. Their citizens should hold their decision-makers' feet to the fire. But Iraq is on Bush, Cheney, Wolfowitz, et al, not the career guy drubbed into writing about WMD. If I read your statements right you seem to be implying intel community is the tail wagging the dog, but at the moment I won't cede that point. Many of those once in the intel community, the Gen. Alexanders, the George HW Bushes, may use their knowledge, contacts and power to bend the IC to their will, but it's the defense contractor shareholders making the money. It's the jingoistic presidents getting re-elected. It's not career NSA analysts retiring fat and happy. It's not the CIA guy on the ground in AFG profiting.

I agree with you so strongly that Snowden never should have happened. Not because "leaking is wrong" or even "harming my country's interests is wrong", but because FFS we're spending enough money that NSA should have systems that are worth a damn. They've moved away from SELinux internally, from what I hear, to more and more Windows (why on earth?), and more and more interaction with DEA, FBI, and other non-intel agencies. I would be shocked -- disappointed, actually, and concerned -- if NSA did NOT have the capabilities Snowden revealed. My discomfort with it all comes down to parallel construction more than anything else. I'm not going to get hot and bothered over listening in on phone calls to foreign nations. I will however get white hot upset at using that information for domestic law enforcement completely disconnected from terrorism or mass casualty effects or national security. I've discussed this with at least one ex-NSA individual who couldn't bring himself to say it didn't happen, and he seemed (between the lines) displeased with that fact. I'm much more interested in seeing perp walks and life sentences for anybody sharing intel community information with law enforcement to put people away for petty crimes, and for the intel community anything that doesn't threaten their nation's existence should be considered a petty crime.


I prefer to focus on what I can do. I can't change what the spooks do. But I can take personal infosec steps that reduce my attack surface for the spooks and for the much more likely threat of random, untargeted bots and targeted organized crime. To that end, I put a write up of mine about securing Firefox for privacy into the URL field for this comment. It won't stop a single TLA but it'll sure keep you from leaking quite so much to the advertisers whose systems TLAs compromise to bring in as additional data sources. Any of you who care to expand on it please do so; it will help someone someday.

Nick PJuly 25, 2014 12:26 PM

@ AnonymousBloke

"I did not really care, because I knew the chaos that would cause would suit my aims."

I respect your honesty. I'll say that.

"Consider, for a moment -- no one made money from Iraq. Quite the contrary. It cost enormous amounts of money."

That's far from the truth. The defence contractors made billions in profit. Dick Cheney's company Haliburton got large sums in no bid contracts. The banks loaning money for the war will make billions in interest. Congress' stock portfolio did nice during that time period so some of them might have benefited if investing in defense industry knowing about upcoming war. DOD also "lost" tens of billions in cash that you bet somebody found. The only people that lost money are the taxpayers and anyone that bet against the war.

"This whole "blood for oil" thing was bullshit. Cry wolf."

And ExxonMobil got a huge oil deal via the new government. They'll make billions a year. Even Warren Buffet thinks it's a gold mine as he bought 8.8 million shares in one of the companies. There's also been generals and spooks admit it was about oil. After all, as one CIA analyst said, if you don't have it your army ceases to move. Imperialists can't have that, eh?

That said, oil wasn't the reason we went there. Their written plan was dominating the world, esp with military. There were people over there that didn't go along with their foreign policy goals. So, we dealt with them in a way that sends a message to the next country that resists. Taking their profitable resources was just... icing on the cake. And a war spoil stakeholders were expecting, I'll add.

"No... whomever or WHATever is behind this Evil Crap... is far more diabolical then any of that... :-)"

Which brings me to this statement. We come from different directions, but I agree with this statement. I figured out a lot of the names on the list. No point in sharing them. Only a strong push by majority of Americans could defeat that group of people. And that group controls the (23?) corporations that own all the major media companies which inform Americans. It looks like a brilliant and sad checkmate to me.

@ BJP

re Iraq/Intel

"I don't doubt one bit that they receive orders to produce fraud out of whole cloth. Nor do I doubt one bit that they have saved thousands or millions of their citizens' lives."

Same here.

"I do believe, or at least hope, that enough of them are true patriots who do believe in the principles that established their nations, governments, and constitutions such that they would push back against efforts to have them engage in parallel construction against their citizens or otherwise break the law."

The problem is that compartmentalization works against that. They don't have to be involved. These machines can be aimed at people, collect info on them automatically, and only the most committed allowed to pull intelligence. This would be explained as assessing inside threats in the country. After all, as you pointed out, they live in a bubble and it affects the mind. Those who are taking the illegal action would be a much smaller group even less likely to speak out about it. Covert ops community, esp CIA, have always been like that. The existence of parallel construction as a major technique at FBI and DEA means they could also use them when framing someone.

So, the secrecy and command structures allow for abuse to both happen and go undetected longer.

"If the decision making apparatus of the US elected to go to war in Iraq, they will go to war in Iraq. If they produced disinformation to aid that effort, oh well -- it limited press inquiry, it wasn't the proximal cause."

That's the key problem I have. A nation thinking it's in their best interest to go to war and doing so makes sense. This is a republic, though. The Congress and President are supposed to be united on this sort of thing. Especially seeing that one controls the budget and one the military. However, a select few in the executive branch used disinformation on the people that elected them and on Congress. This deception led to a war that was not beneficial as the short-term profits weren't worth the long-term debt. Also, using the military against Congress and the American people violated the Posse Comitatus Act. It's the highest form of treason in a democracy. This is the kind of situation that should be punished severely by Congress, the courts, and/or individual citizens (citizens arrest of treason? haha).

"Compare this with what we have now -- a US media in bed with Obama that won't question a thing he does. He doesn't need to produce disinformation via the intel community to go to war, he just does it, as in Libya, and the media bends over backwards to justify it and paint any opposed as racist."

I don't think he's worse: just different. Bush/Cheney were hard charging warlords who made people pay for questioning them. Obama is the Loki-like sophist that gives supposed friends a huge while slowly slipping the knife in, leveraging both his image and race to keep people from even attempting questions. Obama also built on previous administrations surveillance state, extending the useful (to them) parts and changing others such as from conventional forces to more drones and spec ops. (Last point I like, actually, but not what they're doing with it.) So, it's just a new scumbag taking the reins of the system, building its power, playing by the rules of the hidden power structure, and doing his own thing on the side.

The solution is voting for men and women of integrity whose past record indicates standing by what they say/believe no matter what. Other issues can sort themselves out over time from there. Vote for the other kind, you get Bush and Obama.

"The threat I see is the system-of-systems that sprung up free of intelligent design. Defense contractors addicted to growth. Politicians addicted to campaign funds. Civil servants addicted to the hope of a pension. Congress addicted to fooling the public into team A vs team B. Public addicted to fearing the "other" team will destroy the country if they happen to catch the presidency or SCOTUS seats or the house or senate. Living in constant low-grade panic as adrenaline junkies propped up by five hour energy and smoothed over by American Idol."

Good assessment. It seems that way. Yet, there are groups at the heads of each of these that meet publicly with secret discussions. They also seem to have each others' back on a number of things and occasionally know the future with their investment decisions. I think the system's structure might've started (still is) an emergent phenomenon, but it became an oligopoly-like thing were those benefiting influence it in a way beneficial to all of them. And then they compete from there. That's been my theory a few years. More a cartel of cartels than a secret group of puppet masters. The end result is no less terrifying to anyone outside the group of beneficiaries.

AnuraJuly 25, 2014 12:29 PM

@Nate

"Any comments from elliptic curves gurus on the just announced 'BADa55 curves' paper?"

While I only skimmed, this sticks out:

"New seeds were generated until a curve was found meeting all security criteria."

That part makes me unconfortable, because it's not repeatable. I would have prefered "Seeded [well known PRNG] with the hexidecimal representation of the fractional portion of [e|pi|phi] and generated random numbers until the following criteria were met: [criteria]" - it's theoretically possible that there is a class of weak curves and you can keep creating random seeds until you find one that meets your disclosed security requirements, but also some other undisclosed requirement that allows anyone who is aware of a certain exploit to find it.

I have a lot of respect for DJB, but that still makes me uncomfortable.

Nick PJuly 25, 2014 1:22 PM

@ Wael, Clive

re Limmericks

LMAO

@ Wael

re language security

"What I am thinking is along these lines: the factors are: syntax, ease of learning, effects of teams working with different skill sets on a given project, characteristics of the language, memory management, sandboxing, shared libraries, OS effects, HW contributions, tool chain effects, multi-language projects, etc... "

It's a nice start. Idk about linearly modeling it. The closest thing is to look at how a machine code and OS implement each feature. Look at invariants that are supposed to hold, known problems, and brainstorm it in general. The language cannot be separated from a given OS or ISA: each implementation must be re-analyzed because its transformation of the language often will affect the security properties. It might be as simple as whether it internally uses a stack or registers. (Hint: one can overflow into code accidentally.) Not considering the concrete along with the abstract is a mistake too many formal methodists made in both languages and protocols, resulting in many security vulnerabilities.

In short: you're in for some pain unless the language and machine are quite simple. Now you know why I've looked at Wirth languages more than Ada recently, eh? ;)

@ Mike the goat
(re comment to Figureitout)

Yes, a large chunk of it is avoiding breaching NDA's and angering (or tipping off) TLA's. The mantra is anything you say can and will be used against you as a confession in a court of law. Or at a black site, these days. So, how to say without saying? I'm not philosophy major so I just water it down, modify identifying details, and also keep statute of limitations in mind. Much of what I said that was black hat was 7-10 years ago so SOL applies. Goal is to communicate knowledge or wisdom that helps others accomplish something while allowing myself a little pride or recognition. Getting totally accurate specifics out isn't important to me given such details could theoretically get me fined, imprisoned, tortured, or killed [depending on the offended party]. I'm a Harbinger, not a historian. ;)

@ Gerard van Vooren

Good analysis of Go vs C. It seems to be a good language with a few faults. Oh well on the last part as its intended audience aims for "good enough" software Mr Pragma, you, and I discussed previously. A language that's productive, performing, supported, and safer than the status quo. Go seems to deliver on that. Ada is best option for safe/secure system software, but it hasn't gotten widespread attention. Best thing about Go is it's getting used. ;)

@ all re languages

Dr Dobb's article on the Pike language
http://www.drdobbs.com/open-source/pike-programming-language/240168647

I think it deserves a mention in these discussions. Many good things people say about Go have been true in Pike starting in 1994. Some of its features are about safety, some about practicality. It's already been used in high performance web applications. I only avoided it because I didn't want to security assess another runtime, compiler, etc. after I had done quite a few language security assessments. Yet, someone just thinking about language design or trying new ones for non-security reasons might enjoy it.

BJPJuly 25, 2014 2:02 PM

@Nick P

You're right about how the secrecy and compartmentalization allow abuse to exist and go on longer. I do still think picking the info out is enough of an intractable problem that there will always be grunts stuck doing the sifting. The big guys have other stuff to do, and can't spend the time to become expert enough in every system such that they can pull much off on their own.

Or looking at it another way, if the government has decided to ruin you, they will ruin you. They don't need surveillance to do it. IRS can do it auditing you years back. FBI can entrap you or file false charges. CIA can spirit you away. DEA can plant drugs in your car. Burning intelligence capabilities to get at someone innocent is a self-limiting move, as eventually you've compromised all of your covert channels.

It's a hell of a lot easier to put a drug dealer up for the night at the house next door to yours, then OOPS no-knock SWAT raid the wrong house and kill you or get you charged for resisting arrest / obstruction of justice. Why would a malevolent state actor bother to bring in the intel community?

I read Posse Comitatus to involve the use of the military to enforce laws on domestic soil. I don't think using the military to commit fraud (or espionage or mission-support capabilities, depending on your point of view) to fall under that umbrella. I find it completely inappropriate, but not a PC violation.


Agree totally about voting for individuals of conscience and integrity, and agree neither Bush nor Obama count. I've voted for both Ralph Nader and Ron Paul for president. I'd rather have someone in power that I believe has a self-consistent, coherent world view that will stick with it, whether I actually agree with them or not. They become a known quantity, not a cipher that I have to assume will do whatever is best for him or herself at any given moment. We need another Silent Cal Coolidge that will just STFU and not drop "you're with us or against us" bombs or "using chemical weapons is a red line we will not tolerate, unless you use chemical weapons and I'm forced to memory hole this entire statement".

I like the "cartel of cartels" phrase. That fits with my view of the subject. Each nation is its own cartel, and the competing world orders (west vs Soviet in the past, west vs Russo-China axis now) are cartel competition. Similarly, like a fractal, every cartel itself is comprised of several others in competition within.

WaelJuly 25, 2014 5:58 PM

@Mike the goat (horn equipped)

that is brilliant.
Thank you sir, and you have an excellent taste, preferably cooked in an underground oven overnight :)

WaelJuly 25, 2014 6:04 PM

@Figureitout,

Hence...violent revolution is needed to kill the terrorists within...

A type-2 Zeugma response seems in order:

"You are free to execute your laws and your citizens as you see fit." -- William Riker, Star Trek: The Next Generation)

Mike the goat (horn equipped)July 25, 2014 6:49 PM

BJP: you're dead right re intel community in effect trapping those who work inside. Take it from me - when you leave you've got nothing. No references, nothing to enter into your CV but a suspicious big gap that you *can't* even legally discuss. You know what civilian companies think about that? They think you are a risk. A big risk. An unemployable risk. And even when you do land a job with a sympathetic employer who can do the math and knows you've been on a black project that damn decade long gap in your CV will haunt you every time you apply. Until you freaking die.

FigureitoutJuly 25, 2014 11:47 PM

Wael
Impedance isn't that hard to grasp.
--Yeah I mean, resistance w/in AC lines w/ a magnitude and phase. Weird. Our brains work differently most likely...I need to visualize it. If I could always immediately see the flow in a circuit it'd be great. For instance, on a run I finally got one of my visions I was looking for, for so long..on logic w/in a circuit. I got so excited when it finally hit me, "the logic is real!". It just is, it just happens. It is cold, it is harsh. And I could see buzzing flow electrons taking paths, same image stuck in my head. So instead of something dull like a truth table, I see logic in action.

I'll share with you couple to good text books to read.
--Uh, where are those books? (me looking at my computer BTW lol :p). Kidding I have enough to read.

RE: zeugma (whatever that hell that is you silly)
--Meh, they'll die too and so will their children, in a worse way due to the current trajectory of the future...Oh you misquoted me and need to add a question mark. People are too soft (myself included, and actually it's encouraged as I can't earn a living wage doing manual labor, otherwise I would), and I'd rather learn as much as I can instead of getting my skull split. But I'm not a coward like so many supposed Americans that have forgotten the adventurous spirit of the nation. So I speak my mind much more freely than those in chains w/in the gov't.

Nick P
such details could theoretically get me fined, imprisoned, tortured, or killed
--Alright. You see why I would be nervous including you on a security project if you can't say who all you've worked w/ or what kind of projects..? You can dig up my @55 all you want, I'm honest now.

BJP
if the government has decided to ruin you, they will ruin you.
--I don't get why people can say these things, then turn around and say we need to "Get out tha vote y'all!" as if the system isn't "systemically" broken. BTW, I voted (last time until system isn't a joke) for Ron Paul even when he dropped out but was still on the ballet lol...Then I got my little sticker "I voted!" after I had to state my political viewpoints to the pollers who then subjected their views on me, not to mention the...these worthless people...the campaign people just outside the door (the law says 50ft. or something stupid from polls) wasting paper and soliciting me to vote for someone I've never heard of.

I won't participate in such disrespecting joke of system this has become to our history. As if voting for one person will solve our problems lol...c'mon they will only get worse.

Mike the goat
Take it from me - when you leave you've got nothing.
--Man that sucks, I'm sorry...Sounds like they really "take care of their own", isn't that what the military says as so many vets are homeless, suffering from PTSD "suck it up you pussy!", or missing limbs for a war fought for contractors and our fat asses slurping oil. BRB, got to puke.

Nick PJuly 26, 2014 12:58 AM

@ Figureitout

"Alright. You see why I would be nervous including you on a security project if you can't say who all you've worked w/ or what kind of projects..? You can dig up my @55 all you want, I'm honest now."

I can see it. It's a common mistake. Your opponents are organizations that have massive capabilities in terms of beating security and influencing people/companies to do their bidding. It's best to assume everyone working on a project they oppose might be compromised. So, as I've said here for years, don't worry about whether you can trust the individuals or not. YOU CAN'T! You can't know for sure, anyway. Hence, the long time INFOSEC maxim of "trust, but verify."

So, how does this apply to you and I in projects? For years I've pushed high assurance security development methods like EAL6+ security engineering. These methods are designed to produce a secure system despite some developers being malicious. The way they work is to take a rigorous approach to specifying what the system does, how its protection works, how it implements it, how that's verified, and so on. Then, one or more independent evaluators check the process, design, source, documentation, and so on. So, you don't have to trust the people at all: you just have (what you hope is) independent, knowledgeable parties check *what is produced*. So, you're not having to judge me as much as what I produce and I'd say far as stuff on paper I'm one of high assurance security's more prolific peer-reviewed authors.

If it was code or design, I'd absolutely insist you run it past all kinds of people with a proven track record. That's if it's open, anyway. Otherwise, it would be limited to people who would sign and follow an NDA, but who would be allowed to assert a type of vulnerability was found in the product with a certain effect. They'd also independently produce, test, and sign the object code as in any high assurance evaluation. So, yet again, anyone worrying about how much they trust me when they can look right at my solutions are worrying about the wrong thing.

It would be different if I sent you a computer with a note, "I prepared this especially for you. It's secure. Use it so nobody hacks you." If you shuddered and smashed it onto concrete, I'd understand. The irony, though, is whatever COTS system you used in place of it would probably open you up to more attackers than me. And still be easy to compromise for anyone with my (or NSA's) skill. Your concern would at least be warranted in that case as you couldn't review what you were asked to trust. Leads back to my overall point: rigorous review by people you trust is the most important (and almost the only) good metric to go with. Whether you know the designer less so.

" I voted (last time until system isn't a joke) for Ron Paul even when he dropped out but was still on the ballet lol..."

Good for you. He was the guy I was backing too. I tried to get him some votes. The reason I pushed for him was that he (a) does what he says he will and (b) has balls of steel (source: Bill Maher not joking). I explained to other voters that voting for dirty or half-assed politicians means you have no clue what they will do once in office. And it's usually bad. I don't agree with plenty of Paul's ideas, yet he's taking a good approach to a few huge problems nobody else will touch (eg military industrial complex, NAFTA, The Fed). It makes most sense to vote for a guy that will provably try his best to solve these problems and who hasn't backed down under pressure/threats. His track record of down-voting a bunch of bad stuff means he's ideal person to give veto power too.

Sadly, I couldn't convince my fellow Americans. Of those commoners who aimed to accomplish something for their country, they seem to fall into three camps: those who gripe that their guy didn't win, those that gripe their winner betrayed them with false promises, and those that make excuses for the failures/evils of their winning choice. There are apathetic, elites, faithful, and businesspeople who like the situation. (shrugs) And the world continues doing more of the same...

WaelJuly 26, 2014 2:40 AM

@Mike the goat,

While I agree with you that language choice can certainly influence the security of design I think that the most significant variable is going to be how judicious and careful the coder is, no matter what his choice of environment.
Yes, I agree to that. It's almost a no-brainer.

WaelJuly 26, 2014 2:49 AM

@Nick P,

The language cannot be separated from a given OS
It can. Just ignore the other variables, then compare the languages. Then look at the developer's interaction with the language, and ignore everything else. Do that for the all the factors, then sum up the results. I am not too keen on writing this comparison up at the moment. I know it'll be long.

WaelJuly 26, 2014 3:09 AM

@Mike the goat,

And even when you do land a job with a sympathetic employer who can do the math and knows you've been on a black project that damn decade long gap in your CV will haunt you every time you apply.
You have two choices, both acceptable, to fill in the percieved gap in your resume / CV:

1995 - 2005: Principle spook -- Proprietary security work for a government agency. Cannot disclose under NDA and other regulations. Cannot confirm or deny the technology, programming languages, or any other details.

Or you can take the humorous route:

1995 - 2005: Ran my own blog and various "confidential consulting" services while moonlighting as a "Narrator for bad mimes". (Steven Wright, again)

BJPJuly 26, 2014 7:23 AM

@ Figureitout
"--I don't get why people can say these things, then turn around and say we need to "Get out tha vote y'all!" as if the system isn't "systemically" broken. BTW, I voted (last time until system isn't a joke) for Ron Paul even when he dropped out but was still on the ballet lol...Then I got my little sticker "I voted!" after I had to state my political viewpoints to the pollers who then subjected their views on me, not to mention the...these worthless people...the campaign people just outside the door (the law says 50ft. or something stupid from polls) wasting paper and soliciting me to vote for someone I've never heard of."

You'll note my posts didn't include any exhortations to vote. I do vote but I'm not under any illusions. The right person in the right place at the right time can make a significant difference. Those chances are few and far between. Mostly it makes little difference.

I've never had an experience like that voting. The campaigners have always been kept far away, and when forced to have a partisan preference (eg a primary) they hand you a D ballot, an R ballot, plus any others, you walk away to fill one out, then return and put one of your choice into the scanner and throw the others in the trash. But we don't even do voter registration by party.

Nick PJuly 26, 2014 2:05 PM

@ Wael

That assumes the languages properties hold during execution. Dozens to hundreds of software flaws later we see that this is not a reasonable assumption. The semantics of the high-level language isn't what the machine does: it's a promise about what the compiler will *try* to do for each target platform. Hence, why I say they can't be separated if your focus is safety/security provided.

Matter of fact, one measure of the success of a language design is how well it can be compiled into correct code and linked into an existing system. So, even mainstream language designers already know about this issue.

FigureitoutJuly 26, 2014 2:50 PM

Nick P
t would be different if I sent you a computer with a note, "I prepared this especially for you. It's secure. Use it so nobody hacks you."
--[chuckles] Oh the images, like you whispering in my ear; thanks for the nightmares now...I would definitely destroy that. Just like me giving you an EMSEC module, I don't think you would trust me if I gave you a little homebrew radio that "only transmits at these frequencies". I'm actually in the process of making a little robot for a girl moving away, just a vibrating old mouse w/ a switch using a 3V DC motor from a broken shaver. Pretty funny, eh? I could maybe attach a feather to the motor and have it sticking out too, hmm a vibrating thing w/ a feather...lol no won't do that. And I wanted to use this logitech mouse that I suspect has some malware in it, but it's too small (of course I would swap out the board and the little USB-stick radio if giving as a gift)

But no anything from you I'll take it apart in a shielded room to just check out the board and internals, never letting it touch any of my memory chips. Then I run 120 unregulated VAC straight thru and blow up as much possible, if it's fuse-protected then solder wires behind the fuses. Then break the PCB into little bits, solder-burn the chips, then put it all in one of those super powerful blenders. Maybe extracting some metal from the dust to store when I get my own smelter (one day..).

I would though like to see your little Basic-to-C++ converter, the code behind that. And I would run code you write via a VM w/in a VM from LiveDVD lol...

RE: your political attempts
--Sounds like mostly talking, at least it's more than most. I just feel you lump everyone else and blame "the American people", when you're probably doing the same thing being cynical and 'shrugging'. Yeah and there's no one else pushing the issues Paul did now so I'll exercise my right to not vote and angrily tell anyone if I want to vote, "No".

BJP
You'll note my posts didn't include any exhortations to vote.
--True I read too much into a part of your post. And yeah my voting experiences are like that, then I got spam in the mail later on for a cherry on top.

The communities don't even come together and talk, my neighborhood for instance, none of neighbors talk at all; unlike my old neighborhoods back like 20 years ago. Choosing a candidate like that to vote for, I would respect that, so long as that process is run by someone knowledgeable enough to just faciliate the discussion and not ruin it w/ his/her own internal biases, at least not too much.

No, we are given choices from some bought-out insincere worthless...I'll stop and exercise my right to not vote as it doesn't make a difference in the current system.

Clive RobinsonJuly 26, 2014 5:10 PM

@ Figureitout,

The right to vote is most over rated when it is not realy democratic or has conditions attached.

My biggest grip is the suposed democratic process is not, that is the in built assumption "spoiled votes" have no meaning. I very specificaly want a box on the bottom of the ballot paper that says "None of the above" and for it to have real meaning in that if it wins we don't have any of those monkeys in suits pretending to represent us whilst realy being on the take one way or another.

In the UK we have an electoral roll which is a register of those entitled to vote. However it has legal strings attached, one of which is jury service, where you can be called to sit on juries as one of the twelve peers for an indeterminate period of time from two weeks upwards. That is unless you have a sufficient reason not to do so, unfortunatly a judge has to decide and they can be darn cussed about it including making it a matter of the public record which means anyone who can read can find out the reason.

Some citizens have very real reasons for not doing jury service, that unfortunatly some judges take exception to even though they should not, and have been known to threaten those with beliefs that they should not stand in judgment of others with contempt of court in the past. There are also other reasons relating to peoples occupations that they either don't wish to have made public or are not alowed to make public. Those in certain parts of the medical profession often fall in the former and those doing some types of "government work" can fall in the latter.

The problem is there is no way to avoid the "public record" in the UK system other than by not being on the electoral roll which means losing you're right to vote, which is a high price for a persons privacy.

I upset a political representative a few years ago, when a previous government was talking about making voting compulsory, I raised the two points above in a public meeting and to there embarrassment they had no answers and other members of the audiance smelling blood in the water went for them further, so a good night for the citizens :-)

SkepticalJuly 26, 2014 6:46 PM


@Nick P - We agree on certain things, but in my opinion your assessment of intelligence analysis and reporting before the Iraq War, and of the motivations of various key parties, is incorrect.

Numerous analysts at DOD and CIA claimed publicly that they were being forced to pull information from old records (eg 1980's) about Sadaam gathering WMD's, then put them in modern-dated reports.

One of the questions such analysts would have confronted was the extent to which Hussein had hid WMD capabilities (meant broadly, from production/acquisition of components to creation to deployment) from inspection efforts following the Persian Gulf War of 1991. So information from that time period would have been relevant to some elements of the analysis.

However, I don't know of any instance in which any analyst was told to falsify current reporting by taking a record from the 1980s and changing the date on it.

I found much photographic evidence relied on blurry, black and white satellite photos despite their having high-res, color ones over the area. In one case, the report came from a satellite that was down for maintenance at the time per FOIA request.

Reportedly, imagery intelligence is sometimes degraded before being included in certain reports of broad circulation; sometimes imagery from commercial satellites are placed in such reports as well. What inclines you to believe that the best available imagery intelligence was not used by the appropriate analysts?

... This isn't intelligence failure: it's a massive disinformation operation. (Intelligence success?) Attacks on reporters, fake videos, fake satellite pics, analysts ordered to fake reports, and so on.

Personally, I think that some government officials overstated the reliability of the assessment of Hussein's WMD capabilities.

But I'm highly skeptical of claims that intelligence analysts faked reports, imagery, etc. I've not seen any evidence of that.

... And this was despite the 9/11 commission's findings saying 9/11 was funded by a large element in Saudia Arabia, then performed by mostly Saudis led by a Saudi. They even had a confession by an operative who thought he was talking to Saudi's that would jailbreak him. Hard to imagine a President looking for payback then walking hand in hand with the Saudi leader, then hitting two countries that had nothing to do with it. Unless he and his partners had different motivations.

The Saudi Government and AQ are locked in war with one another, notwithstanding any financial support flowing from some individuals within Saudi Arabia who were sympathetic to AQ.

And I have to highlight this part of your statement:

then hitting two countries that had nothing to do with it.

Iraq had no connection to 9/11.

But the Taliban in Afghanistan were providing harbor to AQ. I'm genuinely puzzled by your view on Afghanistan.

And that brings us to the *real* reason we went to Iraq: the plan to do so they wrote a long time ago. As I read it long ago, I said this is an idiotic and imperialist plan that will only cause us huge problems. The most likely outcome is accomplishing almost nothing in Iraq while anti-Americanism will go through the roof resulting in real problems. Turns out I was too optimistic. Looking back on the document, notable targets in their 90's plan were Iraq, Iran, and Syria.

The "plan" you linked to was the Project for the New American Century's "Rebuilding America's Defenses" paper.

Nowhere in that paper is a plan for an invasion of Iraq or any other country. The paper advises the US to shift forces to Southeast Europe and Southeast Asia. It advises the US to establish a permanent base in Kuwait, and to provide more permanent stationing in Saudi Arabia, for the forces already operating in the Middle East.

So, 9/11 happens, everyone is scared, and they quickly drop "btw, Sadaam was involved in this stuff." Then, there's all this shoddy evidence for WMD's along with analysts claiming they're forced to lie. The situation is pretty clear to me: a group wanting to dominate the Middle East with military might got into power, was lucky enough to have their "new Pearl Harbor" they were hoping for*, and then leveraged it to do what they planned to do. And many policy recommendations in the document became U.S. foreign policy, on top of that.

You've misunderstood the paper. The authors of that paper believed that the US was already in a position to maintain military dominance, globally, but that reductions in defense spending, and unwise defense spending, were eroding that position.

To remedy that, the authors proposed a shift to a fairly constant percentage of GDP spending on the military, combined with a renewed focus on missile defense systems, a shift of forces to East Asia and the Pacific, and continued "military transformation" efforts.

Nowhere will you find an endorsement to mount an expensive and resource-depleting nation-building exercise in Iraq, which sucks resources and will from every facet that the paper names as important.

*The document says their plans will be a slow, uphill battle unless "a catalyzing event" were to occur like "a new Pearl Harbor." The conspiracy nuts go wild over that one, but I'm just calling them opportunists.

Yes, but the document is speaking of military transformation efforts, not an occupation of Iraq. The Iraq War set back most of the goals set forth in that document.

So, in summary, my research into the invasion of Iraq was that it was planned in the 90's, leveraged post-9/11 fear, used a stunning amount of [shoddy] disinformation, and only had a little to do with terrorism.

Some key proponents of the invasion certainly believed that 9/11 had injected a new urgency to resolving what they viewed as a long-standing and growing problem. And they did not hesitate to make their case, in part, on that ground.

One could argue that those key proponents had views of Hussein that were unaffected by 9/11, but I'd be dubious. If anything their pre-9/11 views would make them more disposed to view 9/11 as a warning of what Hussein might someday attempt to accomplish or threaten to accomplish.

This is somewhat to mostly true for Afghanistan, as well.

Totally false in my view. Afghanistan had everything to do with terrorism, was not planned in the 90s, and did not use a "stunning amount of shoddy disinformation."

There are political factions whose agenda demands global dominance and "total war." They believe it's absolutely necessary for our survival and will do anything they can to achieve this.

I don't know of any political faction in the United States that advocates "total war", in the meaning which I understand that term to have.

Nick PJuly 26, 2014 7:36 PM

@ Skeptical

You've found no fault in NSA despite the evidence in the Snowden leaks. I'm not going even try to convince you about this other stuff given the smaller quantity of evidence.

SkepticalJuly 26, 2014 7:55 PM


@Nick - My view is that Snowden's leaks have not revealed any illegal activity by the NSA. As to the legal framework within which the NSA operates, I do think certain improvements can be made, and I've discussed them previously.

And, obviously, no problem as to what you'd like to discuss or not to discuss.

Gerard van VoorenJuly 26, 2014 10:47 PM

@ Skeptical

If the US wanted to do it right, they should have declared war to Iraq.

And that is only one of the stinkeroo issues.

WaelJuly 26, 2014 10:55 PM

@Nick P,

That assumes the languages properties hold during execution...
This assumption is part of "superposition". Take for example Macros. We know they are bad for several reasons such as no type checking, horrible during debugging, prone to errors that are not easily discovered, ugly syntax, not exactly part of the "language proper", and are expanded by a preprocessor. This aspect is independent of the operating system and is a problem with the "language specifications". At a later stage, we can identify the dependancies (and they do exist, but will be "ignored" in an initial stage) and continue...

WaelJuly 27, 2014 12:28 AM

Was reading a bit about types of "zeugma" and came across these words from JFK:
"We shall pay any price, bear any burden, meet any hardship, support any friend, oppose any foe to assure the survival and the success of liberty."
-- John F. Kennedy

Seems he paid a price...

Nick PJuly 27, 2014 12:56 AM

@ Wael

It was one of the many quotes in the excellent opening of the Why We Fight documentary. And yes he paid the price. For what I can never be sure, though.

WaelJuly 27, 2014 2:13 AM

@Nick P,

You'll see me using "linearity" and "superposition" often -- A thing I learnt from studying electromagnetics under a genius professor like Dr. Arthur Ballato who made the courses extremely interesting. I still remember a lot of his lectures and at one point I kept his exams and solutions and read them years later! Too bad I lost them...

I can almost forecast what @Clive Robinson will say about me next. I leaked some information, and he'll come up with some extrapolations :)

Clive RobinsonJuly 27, 2014 5:38 AM

@ Wael,

    I can almost forecast...

PSYC101 "The observer should never be part of the experiment".

And as I have often observed about the TSA and security queues, and the notion of random sampling "The theory only holds when what is being measured cannot alter the result by design".

So now you have said it without an actual prediction, am I exerting "free will" by not doing what you predict, or are you going to argue that I have no free will and therefore have predictably done what you expect?

As it was once pointed out you have to express your prediction before the experiment not after. It was once put as "Golfer has to name the tuft before the swing, not after ball lands", and it's why much of Forensic Science is not science but "mumbo jumbo said over goat entrails". As I've also indicated in the past but a little more polietly with, Science is about 'prediction', from stated causes to repeatable effects, not by arguing backwards from a single effect to 'guessed' cause which is what forensics is all about.

WaelJuly 27, 2014 5:49 AM

@Clive Robinson,

So now you have said it without an actual prediction, am I exerting "free will" by not doing what you predict, or are you going to argue that I have no free will and therefore have predictably done what you expect?

Oh oh! Be careful, you are treading in thin ice here ;) We'll get into the "free willed" vs "driven" and "fatalistic" discussion... It's an interesting subject to me as well, and I used an example just like the one you cited now in previous discussions with others (has to do with religion) :)

Can you say the same about "security", "free will", and "prediction"? I am sure you can tie it to "probabilistic security", too!

I got a "D" in PSYC101. Perhaps I'll share the story someday...

SkepticalJuly 27, 2014 9:05 AM


@Gerard: If the US wanted to do it right, they should have declared war to Iraq.

Maybe. They had Congressional authorization, which is legally sufficient. But perhaps going back to Congress would have required additional scrutiny of the case for war, ultimately resulting in the defeat of it.

Still, Iraq is such a complex issue that I'm not sure changing any one thing would have resulted in doing it right.

Can I separate the issue into 3 parts?

1 - Analytical judgment of WMDs

2 - Case for war

3 - Planning and execution of war

As to 1, keep in mind that it was not just the US IC that assessed Iraq as having WMD capabilities and development efforts. So did the British, the Germans, the French, and numerous other countries. And these assessments had, for the most part, been unchanged for years preceding 2003.

So the raw information to support the WMD assessment was seemingly there (as was raw information to support alternative hypotheses). From an analytical vantage, the question is "why did the analysts, from so many countries and agencies, draw conclusions from that information which turned out to be incorrect?"

My view, which is not original, is that Hussein's behavior was one key piece which motivated the analysts to put together the other pieces of information into a completed narrative - or a complete jigsaw puzzle if you prefer - in which their assessments of WMD were as described in 2002. Another key factor was the history of earlier assessments of Hussein's WMD. As time goes on and effort is expended, it becomes harder to go back and revisit initial assumptions, which is what would have been required for the analysts to come to a substantially different conclusion.

There were other ways to put together the pieces, but the obstacles to doing so were large: dim visibility into Hussein's thinking and regime, general consensus about what he was actually doing, and clear - sometimes inappropriately clear - expectations from policy-makers. On the latter point, there was reported a particularly disgusting episode involving John Bolton, who attempted to have an INR analyst removed because he disagreed with that analyst's assessment. I do not know how accurate that reporting is, however.

As to 2, the case for war is even more complex than the issues raised by 1. However, that case, in my opinion, would have been undermined by an accurate assessment of the resources, time, and casualties required to achieve the desired end-state.

As to 3, this is closely intertwined with 2, since Iraq was a war of choice. There was what seems to me to be an inexcusable lack of attention by the commander in chief on Phase IV planning and follow-through. He ultimately remedied this, and made some very gutsy, correct, calls in the face of political opposition from all sides, but huge damage was done by that point. Moreover, had Phase IV and after received proper attention, the resource, time, and casualties projections would likely have been more accurate. This, in turn, may have tipped the scales against going to war.

Taken together, I view the mistakes that came together to make Iraq what it was (and to some extent is) the result of factors that don't involve malicious intent. Instead they involve errors in judgment resulting from uncertainty, ambiguous and vague information, various biases that tilted analysis, and lack of command attention to crucial questions.

However, I'd add that the neoconservative faction that pushed for war more strongly than anyone else was most prone to analytical errors, most prone to fail to take into account crucial operational contingencies, and had the most negative impact on the entire process. I think they had good intentions, but good intentions don't necessarily translate into good decisions, much less good outcomes.

Gerard van VoorenJuly 27, 2014 1:36 PM

@ Skeptical

The Iraq war is a subject we can discuss to the end of times. I wish I was a bit better in expressing myself in English about it. Add to that that I never visited Iraq and my opinion is formed by watching the news and reading news items. What I want to say is that a discussion about this subject is just that: a discussion. There is nothing to gain in this discussion because it is history. I also don't think we change our opinions after reading each others remarks because we are quite headstrong about this subject.

That said, I was a fierce opponent of the Bush intentions regarding Iraq from day one. I think it was a mistake that political leaders of The Netherlands supported the war. A lot of European countries including Germany, France and Russia didn't support the war at all. For me personal, the prelude was too much "push". They *wanted* to do it, and neglected to take the required steps to do it right. They had blind eyes for declaring war. They ignored the messages from Hans Blix. They did however take care of window dressing with every interview. There were soldiers and flags all over the place where Bush held his presentations.

As you said they didn't think ahead. They made the same mistake that Hitler made after invading the low countries and France. In the case of Hitler he waited a couple of months before trying to invade Britain. By that time the UK was a lot better organized and equipped. If Hitler thought about Britain before invading Western Europe, I think it could have changed the outcome of WW2 (without the A-bombs of course). In the case of the Iraq war the anarchy directly after the invasion should have been thought about before invading the country. The invasion was the easy part. If the US thought more about what should happen right after the invasion, that could have created very much goodwill. Instead they let the people of Iraq down.

Another example of an operation that failed because of neglecting to look into details is Market Garden. A massive operation that was executed with *one week* of preparation. Monty ignored the aerial photos that showed tanks in Arnhem and the reports from the resistance that the 9th and 10th SS division was placed in the Nijmegen and Arnhem area. They also ignored the Dutch landscape, that the radio's didn't work, that there were not enough planes etc. The bone of ending the war before Christmas made the men in charge blind.

But the Iraq war happened and there is nothing we can do about that fact. I think it is a black page in US history.

AnonymousBlokeJuly 31, 2014 10:33 PM

@BJP

Who knows, maybe you will check back on this old thread... but, I will respond...
do note, however, I was pretty well buzzed when writing that, and I am not exactly a transparent guy to begin with.

But, I think I have thoroughly explained this already....

I would put Pearl Harbor on Roosevelt long before blaming Hoover. Can we blame Coventry on anyone but Churchill? ... I'm not aware of any cases where intel officers withheld such information in a way that would leave them culpable. Of course intel exaggerates their relevance to those holding the purse strings; just like every other government department ever. Spend your whole budget or it gets cut next year. Blame every failing on lack of funds. Gain resources as compensation for known incompetence or poor judgement. The feedback loop for any organization not subject to vagaries of "the market" (where failure carries real risk of organizational death) works this way.

Hrrm. :-) I really just like to slam Hoover. I once had a friend who was working the Chinese. He heard from the Chinese that they felt I was "definitely an agent", and pointed out "FBI, NSA, CIA... he's a loser that uses crazy tactics, CIA." But, I have a lot of family background with the FBI and DoJ. So, I like to throw out these sorts of things.

Sorry. But, hey, I do try and be interesting, anyway. ;-)

I will, here, clarify, of course, they were completely wrong. I have worked with TLA as they often have had my own interests at heart. But, I am no agent of any such government. :-)

That would be bias. But, it is also simply where my heart is at.

by making it look like They Are Winning, money flows in to candidates, rage flows out of partisans, people who disagree on the current issue that might agree on a hundred other issues start to dislike each other and stop working together, and we remain divided. It doesn't take a huge overarching conspiracy to grease the wheels of human discord, just a few jerks acting in not-so-enlightened self-interest.

Yes. Bias. Republican... Democrat... as some Arabs have liked to say, "Pepsi, or Coke?"

If you value truth, as you should, you seek to find these things within your self and evade them. ;-)

**sad, old grin**

Their citizens should hold their decision-makers' feet to the fire. But Iraq is on Bush, Cheney, Wolfowitz, et al, not the career guy drubbed into writing about WMD. If I read your statements right you seem to be implying intel community is the tail wagging the dog, but at the moment I won't cede that point. Many of those once in the intel community, the Gen. Alexanders, the George HW Bushes, may use their knowledge, contacts and power to bend the IC to their will, but it's the defense contractor shareholders making the money. It's the jingoistic presidents getting re-elected. It's not career NSA analysts retiring fat and happy. It's not the CIA guy on the ground in AFG profiting.

No, I am not saying, "your hard working, idealistic, true hearted CIA/FBI/NSA/Whatever are bad people".

I just want to be clear about that.

My own goals, ambitions, beliefs often center with a lot of these people. That is a great way for many of them - true believers - to live their lives. I consider them comprades.

I would, however, be lying if I stated that Bush/Wolfowitz/Rumsfeld and company were all about selfishness and their own ends.

I would also be lying if I said that Obama, who has continued and even "worsened" their legacy in many ways... was all about his own selfishness.

Matters are simply much more complicated then they may appear. This goes well beyond public opinion and politics.

I will not make apologies for the Iraq invasion. Nor even for the poorly formed policy of trying to keep everything together, instead of separating the region into Shiite, Sunni, and Kurd.

I simply do not need to do this.

It may be that Bush had his own vision -- Saddam tried to kill his dad. "For Christ's sake". :/

But, intelligence, like executive authority, were both led into a matter which goes beyond their visibility.

They are just human beings. What is the word...? "Sin"? Did you know the word "sin" is a Greek work for being "off target". Of course you do.

They are bad shots. If you pit them against each other, they will miss.

What shall I say here? Hrrm. Means to an end, I strongly disagree with -- ***except*** when you are absolutely sure of having control of the end.

All of these parties - intelligence included - are ignorant. So how can they be blamed?

(Philosophical but very down to earth rhetorical question... I will not go into right now.)


I agree with you so strongly that Snowden never should have happened. Not because "leaking is wrong" or even "harming my country's interests is wrong", but because FFS we're spending enough money that NSA should have systems that are worth a damn. They've moved away from SELinux internally, from what I hear, to more and more Windows (why on earth?), and more and more interaction with DEA, FBI, and other non-intel agencies. I would be shocked -- disappointed, actually, and concerned -- if NSA did NOT have the capabilities Snowden revealed. My discomfort with it all comes down to parallel construction more than anything else. I'm not going to get hot and bothered over listening in on phone calls to foreign nations. I will however get white hot upset at using that information for domestic law enforcement completely disconnected from terrorism or mass casualty effects or national security. I've discussed this with at least one ex-NSA individual who couldn't bring himself to say it didn't happen, and he seemed (between the lines) displeased with that fact. I'm much more interested in seeing perp walks and life sentences for anybody sharing intel community information with law enforcement to put people away for petty crimes, and for the intel community anything that doesn't threaten their nation's existence should be considered a petty crime.

I have respect for the NSA in terms of tech espionage. But, this is light years away from the experience of CIA and FBI.

I will go ahead here and be transparent (as I am so often as oblique as a brick wall), that I have worked with authorities (not necessarily US) at core telco infrastructure levels. And I trusted these people. I, myself, advised them to go to strong lengths to cover information.

Why? For "terrorists"? No. Not only. But, for other possible considerations as well, primarily, to protect against the intrusion which is ever so possible, by authoritarian regimes.

My own, ultimate loyalty, is to a system which does not yet exist.

Now... does this mean that I believe that the American authorities should surveil everyone for the purposes of extortion, power, and money? No.

No, but the people I worked with are my family, my coworkers, my friends. People I have known since my youth. People I trust as absolutely unbiased individuals.

We are not "Americans", but "globalists". We believe in a better world for everyone. And we, alone, can make it happen.

I prefer to focus on what I can do. I can't change what the spooks do. But I can take personal infosec steps that reduce my attack surface for the spooks and for the much more likely threat of random, untargeted bots and targeted organized crime. To that end, I put a write up of mine about securing Firefox for privacy into the URL field for this comment. It won't stop a single TLA but it'll sure keep you from leaking quite so much to the advertisers whose systems TLAs compromise to bring in as additional data sources. Any of you who care to expand on it please do so; it will help someone someday.

I honestly do not know about TLAs. I have worked with them from time to time. I would be lying to say I was not born and raised in this sort of environment. TLAs, they are very different. These guys got a job at some juncture in their lives. Some of them believe as we do. Some of them do not.

The later, we manage.

This does not mean I am angry at Snowden, or any of these other leakers.

Far from it, they too, work in the very same spirit I do, and my family, peers, coworkers do.


It is a tightwire we work.


....

AnonymousBlokeJuly 31, 2014 11:16 PM

@Nick P


"I did not really care, because I knew the chaos that would cause would suit my aims."

I respect your honesty. I'll say that.

Yes, not a politically expedient statement. But if, you want truth? Well, here I am.

:/

That's far from the truth. The defence contractors made billions in profit. Dick Cheney's company Haliburton got large sums in no bid contracts. The banks loaning money for the war will make billions in interest. Congress' stock portfolio did nice during that time period so some of them might have benefited if investing in defense industry knowing about upcoming war. DOD also "lost" tens of billions in cash that you bet somebody found. The only people that lost money are the taxpayers and anyone that bet against the war.

Uh huh.

I - obviously - am not in politics. Directly. I can be. I am not stupid.

Republicans... and Democrats... fight it out with each other. Their apologists.

They have no reason, no understanding, on what is really going on.


Put it this way: Our aims are final and reasonable. We do not need politics. We can use them to our ends. We are that confident on... the ends.

As in, 'means to an end'. :-)

"This whole "blood for oil" thing was bullshit. Cry wolf."

And ExxonMobil got a huge oil deal via the new government. They'll make billions a year. Even Warren Buffet thinks it's a gold mine as he bought 8.8 million shares in one of the companies. There's also been generals and spooks admit it was about oil. After all, as one CIA analyst said, if you don't have it your army ceases to move. Imperialists can't have that, eh?

That said, oil wasn't the reason we went there. Their written plan was dominating the world, esp with military. There were people over there that didn't go along with their foreign policy goals. So, we dealt with them in a way that sends a message to the next country that resists. Taking their profitable resources was just... icing on the cake. And a war spoil stakeholders were expecting, I'll add.

Okey, dokey...

I will admit, wherever I find forces where I have to encourage them by what I know they are interested in, so I do. Even if I do not provide it to them.

And?

I am sorry. Republican or Democrat politics this looks like I have blood all over my face. Maybe... I am a vampire.

But, the truth is my aim is simple: the end of death, and everything less. Plagues, wars, confusion, disease, all such things.

Yes... it is true. We are mind fucking and controlling your leaders. I apologize for that. We have a sure promise on the ends. So, means to an end.

If you wish to demonize me, and my friends, my family. Go for it. But, in the end, we have all the capital.

We will make good on everything.

:-)

"No... whomever or WHATever is behind this Evil Crap... is far more diabolical then any of that... :-)"

Which brings me to this statement. We come from different directions, but I agree with this statement. I figured out a lot of the names on the list. No point in sharing them. Only a strong push by majority of Americans could defeat that group of people. And that group controls the (23?) corporations that own all the major media companies which inform Americans. It looks like a brilliant and sad checkmate to me.

And....

Your position is unpredictable to me?

Get over your self.

We are your parents.

Look, trust "Heaven" for once. Or not.

Believe me, we have enough power to ensure our aims are met.

AnonymousBlokeJuly 31, 2014 11:59 PM

@benni

@ AnonymousBloke

So... how did they really design it to be broken, I wonder..

Well, tor was not build against a state actor monitoring the entire net.

It was build that NSA agents could read soviet internet sites, without getting into headlines like "On my blog, I have three dozens of CIA personnel reading it everyday"

And for this, tor is still doing an excellent job. It does an excellent job even against companies like google tracking you.

This is stated by the tor project itself, it was a tool designed for open source intelligence. And it is used even if they hack into single targets, like companies, embassies or individuals as the gchq toolset of jtrig shows.

Also, it can be used if you communicate for short time, so that they do not get the time needed to make their correlation analysis (this attack will cost them some days, as the academic paper I quoted above says)

tor was never built to protect against an agency where, according to Binney https://netzpolitik.org/2014/live-blog-4-anhoerung-im-nsa-untersuchungsausschuss/ around the year 2000 "we created a network graph of the entire world where we could zoom into parts and monitor sub networks and calls as desired"

Of course, they have not built tor to protect against themselves....

But the aspect is there:

When you have an upstream collection of 3.4 Tbit/s you somehow need to find interesting targets. And these are ones who try to encrypt something (Cryptographers are prime targets, says Binney in the above link on the question whether somone who is occupied with encryption in germany could become a target) or people who want to stay anonymous for some reason. Binney says they would be very interested in journalists, wanting their source, and dissidents as well...

And that pretty much seems like a large part of the target customer list of tor.

One would need more details, reports on talks at the US navy or the NSA or darpa at the time tor was first developed, in order to determine whether tor was deliberately build for marking targets for NSA.

But perhaps this is not important at all. Important is that they WANT to use tor as honeypot, as they say in the tor stinks slide:

"Critical mass of targets use Tor. Scaring them away might be counterproductive.
We can increase our success rate and provide more client IPs for individual Tor users."

And therefore an effort to use tor as honeypot is certainly under way. We just need to know how far they went achieving this. Slides from agents who say that they do not even know how many tor relays NSA/GCHQ operate do not help much here, unfortunately.


Benni... all I can say, is that evil will be borne to its' greatest slime.

And, then what?


I have to say... I do not blame Bush nor Obama for anything, really.


If you wish to blame someone like me, please do so. I can explain my reasonings for these seemingly crazy moves.


/...

I can only assure you -- I do not wish to watch everything you say and do...


Far from it. And quite the opposite.

;-)

Nick PAugust 1, 2014 12:44 AM

@ AnonymousBloke

You write as if you're one of the organizations or individuals on my list of elites. Yet, you're writing style and words suggest you're clearly not one of them: merely writing a post from what you think is their perspective. You no doubt could have some stake in their schemes, like stock or a job working for them. Yet, you're most likely yet another piece they move on the board just like all the rest. Another asset to use to accomplish a goal or generate a return. I'll focus on your portrayal of them rather than you, though, as pure speculation isn't my thing. ;)

The picture you paint of them is somewhat accurate. It applies to the majority of the group. They do want stability, focus on capital/ROI, and do whatever it takes to preserve/expand what benefits them. They're very powerful, well-educated, and practical. The group typically uses a fait accompli strategy to do things piece by piece over the long term. I've often said it's the best strategy to use against a democracy and it works very well due to their media control. This group is certainly an opponent, although not as worrying as another faction in it.

The Citigroup leaked memos showed what concern these people. Chief among them were voter revolt, inflation, instability in the Middle East, and regulation. Pushing politicians (and voters) in certain directions is their main strategy in all cases. However, certain factions of them sometimes get too much control and push in dangerous directions. The faction that promoted the wars in Iraq and Afghanastan showed they can't be trusted to manage the Middle Eastern part of the problem. There's been much better proposals by elite-funded think tanks on how to address those problems without massive blowback. The dominant elite faction of the time caused about as many problems for elites' overall strategy as they did the rest of us. It's good to see that group lost power and others advocating more targeted efforts with less blowback potential are now in control.

The other instance I'll note is the crisis in 2008. This was another scheme by the financial portion of the elites to cash in big. It was actually one of the best things that ever happened to this country as it provides unequivocal evidence against them on many fronts should the public ever actually look at such evidence. Mainly, it showed that even the elites focused on stability and ROI couldn't be trusted to act in their best interest. They risked the entire financial system that they depended on to squeze money out of a scheme. The bailout was originally downvoted and even mighty Meryl Lynch tanked. The whole lot of them got very close to loosing everything they achieved before they lucked out being successful with a backup scheme. (Part luck, part skill I'll give them...)

"Our aims are final and reasonable. We do not need politics. We can use them to our ends. We are that confident on... the ends."

"We are your parents. Look, trust "Heaven" for once. Or not."

So, such pronouncements of the elites make shouldn't be trusted. They're willing to risk themselves and us just for a particular scheme when they're already rolling in cash and power from more stable schemes. They also aren't immune to certain factions getting in control causing more blowback than anyone cares to deal with. It took groups like them 50 years to tied up their imperialism in Vietnam, 20-30 years to tie up OBL/Sadaam loose ends, and their most recent scheme expanded currency-related liabilities so much it threatens the financial elite specifically. Democracies *might* be better off with elites around whose selfish benefit is tied to stability and an improving status quo. I'll admit that. The current round of elites are showing they don't measure up, though.

The good news is that they're not invinceable. A number of their factions have stayed taking a beating in Europe despite the financial/regulation factions almost totally succeeding in their schemes over there (eg European Union). Additionally, the financial elite's 2008 actions (along with Wikileaks) inspired Iceland to show other democracies how it's done: they jailed the bankers and their politicians; put new people in office; passed laws voiding the debt; seized banking infrastructure; passed strongest press protections in the world as early warning system for next elite scheme.

Powerful elites in America and Europe failed to prevent this despite their power and the money on the line. Leaked NSA slides indicate they couldn't coerce their cooperation either. Both were surprising as even I brainstormed leverage on them and the kind DOD/NSA could think of themselves. Yet, DOD, State, NSA, and the financial elites all failed here. Elite-dominated media promoted the view that their anti-capitalist actions would cause their country to collapse. Many years later, they're doing better than every country in their class and still independent far as I can tell.

Lesson to learn: the elites are very good at what they do, but they can be beaten by an active democractic population. The main reasons they win in most Western countries is a combination of apathy and easy distraction in people. Neither of those two traits are a skill on elites' part. So, they could be beaten here albeit with considerable effort. The best strategy I've heard starts with local governments to create obstacles for them, lets that pile up a bit, and slowly moves those people into federal positions as they leave likeminded individuals in the local ones. This strategy has actually worked on a number of hotbutton issues that weren't related to elites. It might work on them, as well.

"Believe me, we have enough power to ensure our aims are met."

Many critical issues they want gone (and are pushing plans for) are still here. They've failed so far. Some of these for decades straight. Their power obviously isn't as great as they'd lead us to believe. All the empires that came before them fell and many of their elites did as well. These are more sophisticated. Yet, history isn't on their side and their own reckless behavior sure isn't helping. They'll be beaten or collapse due to their own schemes.

AnonymousBlokeAugust 1, 2014 2:12 AM

@Nick P

You write as if you're one of the organizations or individuals on my list of elites. Yet, you're writing style and words suggest you're clearly not one of them: merely writing a post from what you think is their perspective. You no doubt could have some stake in their schemes, like stock or a job working for them. Yet, you're most likely yet another piece they move on the board just like all the rest. Another asset to use to accomplish a goal or generate a return. I'll focus on your portrayal of them rather than you, though, as pure speculation isn't my thing. ;)

Whatever you wish to believe.

I am one of many. When I was young, my dad had me live alone on a desert island.

I was very interested in getting a message out from that. But, I decided the best thing to do, was to reboot, and live a different way. I felt I could shift gears and live a more corporate, quiet life. How did I put it? Plodding along in my own head trip.

My difference... from anyone I know... is that I am totally human.

I do not live up in the stars. I live down here, on planet earth.

We are your vampires. We are your werewolves. We are the monsters you want us to be.

Some of us have wings. I do not.


My machinations are totally evil by your book. I admit this.

But we have such control, that we can be assured, indeed... our ends will be found, so the means are fine, regardless of how... ugly... they may be.

Those ends are immortality for the world population.


The picture you paint of them is somewhat accurate. It applies to the majority of the group. They do want stability, focus on capital/ROI, and do whatever it takes to preserve/expand what benefits them. They're very powerful, well-educated, and practical. The group typically uses a fait accompli strategy to do things piece by piece over the long term. I've often said it's the best strategy to use against a democracy and it works very well due to their media control. This group is certainly an opponent, although not as worrying as another faction in it.

Heh. No....


This is the way of humans.... no one said we are human.

We ... are not... human.

The Citigroup leaked memos showed what concern these people. Chief among them were voter revolt, inflation, instability in the Middle East, and regulation. Pushing politicians (and voters) in certain directions is their main strategy in all cases. However, certain factions of them sometimes get too much control and push in dangerous directions. The faction that promoted the wars in Iraq and Afghanastan showed they can't be trusted to manage the Middle Eastern part of the problem. There's been much better proposals by elite-funded think tanks on how to address those problems without massive blowback. The dominant elite faction of the time caused about as many problems for elites' overall strategy as they did the rest of us. It's good to see that group lost power and others advocating more targeted efforts with less blowback potential are now in control.

This is... again... assuming mortal human beings are behind everything....

The other instance I'll note is the crisis in 2008. This was another scheme by the financial portion of the elites to cash in big. It was actually one of the best things that ever happened to this country as it provides unequivocal evidence against them on many fronts should the public ever actually look at such evidence. Mainly, it showed that even the elites focused on stability and ROI couldn't be trusted to act in their best interest. They risked the entire financial system that they depended on to squeze money out of a scheme. The bailout was originally downvoted and even mighty Meryl Lynch tanked. The whole lot of them got very close to loosing everything they achieved before they lucked out being successful with a backup scheme. (Part luck, part skill I'll give them...)

Again, assuming human beings are all you are playing with on the field.

Consider a world which is boundless.

And then, consider this world which is full of bounds. A maze of bounds, of limitations.

Wilderness of walls, I believe is the term...


"We are your parents. Look, trust "Heaven" for once. Or not."

So, such pronouncements of the elites make shouldn't be trusted. They're willing to risk themselves and us just for a particular scheme when they're already rolling in cash and power from more stable schemes. They also aren't immune to certain factions getting in control causing more blowback than anyone cares to deal with. It took groups like them 50 years to tied up their imperialism in Vietnam, 20-30 years to tie up OBL/Sadaam loose ends, and their most recent scheme expanded currency-related liabilities so much it threatens the financial elite specifically. Democracies *might* be better off with elites around whose selfish benefit is tied to stability and an improving status quo. I'll admit that. The current round of elites are showing they don't measure up, though.

The good news is that they're not invinceable. A number of their factions have stayed taking a beating in Europe despite the financial/regulation factions almost totally succeeding in their schemes over there (eg European Union). Additionally, the financial elite's 2008 actions (along with Wikileaks) inspired Iceland to show other democracies how it's done: they jailed the bankers and their politicians; put new people in office; passed laws voiding the debt; seized banking infrastructure; passed strongest press protections in the world as early warning system for next elite scheme.

Powerful elites in America and Europe failed to prevent this despite their power and the money on the line. Leaked NSA slides indicate they couldn't coerce their cooperation either. Both were surprising as even I brainstormed leverage on them and the kind DOD/NSA could think of themselves. Yet, DOD, State, NSA, and the financial elites all failed here. Elite-dominated media promoted the view that their anti-capitalist actions would cause their country to collapse. Many years later, they're doing better than every country in their class and still independent far as I can tell.

I can assure you I care very little for either money or "power". I put there, "power" in quotes because of the way you define it.

The rich, the elites, are of no consequence to me. If they work very hard for their position, it probably does me well. Most of them do.

I pretty well sit back and take it easy.

I make a six figure income, and pretty well always have.


We are going to completely take over this place. Probably within the next year.

At which time we will all change so everyone sees us as we really are.


End of mortality. I mean, what else do you want.


It may be that we set it up so everyone is really pissed off at Israel, and go and fight against them.

Or... it may be that we have everyone come against us. Right here. Right now.


Does not really matter. We win.

And no, we are not mustache twirling evil guys.


Most of us have wings.

I ... do not.

AnonymousBlokeAugust 1, 2014 2:23 AM

Here are a few facts: your world is set on a collision course with destruction.

"It's the end of the world as we know it..."

...

You want some kind of feel good message beyond that? Forget it. You and I both know what we are heading towards. Do not be hypocrites about the signs of the times.

Do you want to feel fine. Or do you want to know something that is much worse then death.


There is a change coming to humankind... that change will alter everything that people know.

AnonymousBlokeAugust 1, 2014 3:23 AM

Anyway, just to make clear my own position:

Death... and everything less then that: old age... disease... war... and sooo much more... that is what we are talking about ending.

...

I understand, so deeply, in a world so full of so many bounds... how this can sound impossible. Insane.

But, it will happen.


M.I.A. Paper Airplanes. All I want to do -- bang, bang, bang --- is take your money...


Now, why... would we make these sort of announcements on this sort of forum??

Because there *is* TLA here.


Because there are spies here from a wide variety of countries.


We want you to fuck with us.


AnonymousBlokeAugust 1, 2014 4:06 AM

@Gerard van Vooren & figure.it.out

Look guys, whatever. I am just telling you what will happen.

I have some responsibility to do this -- but not much.


I am saying what you have on planet earth is a bunch of chrysalis'. And the "rapture" is simply people changing from that.

I have seen that change already.

I have no reason to lie to you, nor to anyone.


When the mass transfiguration happens, we will completely take over the world. This is what you call the "Coming of the Kingdom of God".

I am not sure what anyone may want to know beyond this.


Iraq is meaningless. The whole Gaza-Israel war is meaningless. Ukraine is meaningless.


We are talking about the end of disease, of all manner of wounds, of death. Immortality.


Gerard van VoorenAugust 1, 2014 4:27 AM

@ AnonymousBloke

The choice is up to you as always.

If you want to behave like a ... there is a large chance you get a STD. That is nobody will want to take you seriously. ;-)

If you want to inform. Fine.

If you want to confess. Fine.

So the question is what will you smoke before posting, if you know what I mean. That is how I think about it.

WaelAugust 1, 2014 5:11 AM

@Gerard van Vooren,

So the question is what will you smoke before posting
Hopefully something that doesn't make him see sounds and hear light.

@AnonymousBloke,
I've been observing you for a while. You were coherent, what happened to you?

I am just telling you what will happen
Prove it! Or at least give a heuristic argument!

Nick PAugust 1, 2014 1:14 PM

@ Wael

"I've been observing you for a while. You were coherent, what happened to you?"

I agree. He went from talking like a reasonable person to rambling like a person not on meds. So, I'm done with the thread. ;)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.